I'm amazed when I see widely-used, well-respected code using hardcoded constants. Today was no exception when I saw an
alert about a potential buffer overflow in Samba 2.2.6.
The offending code:
--- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002
+++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
@@ -63,7 +63,7 @@
if(len > 128)
len = 128;
/* Password must be converted to NT unicode - null terminated. */
- dos_struni2((char *)wpwd, (const char *)passwd, 256);
+ dos_struni2((char *)wpwd, (const char *)passwd, len);
/* Calculate length in bytes */
len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
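Review bot: the hunk replaces one magic number with a value clamped by another magic number, so the mismatch that caused the bug (a hardcoded 256 that need not agree with the real size of `wpwd`) is only half fixed. The `if(len > 128) len = 128;` guard two lines above is still a literal with no visible tie to the declaration of `wpwd`, and the hunk does not show whether the third argument of `dos_struni2` is a destination capacity or a source length, nor whether it counts bytes or UCS-2 characters; please confirm the units match `len` and that `wpwd` has room for `len` characters plus the terminator the comment promises (`/* Password must be converted to NT unicode - null terminated. */`). Preferably derive the bound from the buffer itself, e.g. `sizeof(wpwd)/sizeof(wpwd[0])`, so the cap and the conversion call cannot drift apart again. Minor: `len` is reused on the last line for a different quantity (byte length of the converted string), which makes this kind of off-by-a-constant error easy to miss in review; a separate variable would help.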