nb_name_len does not increase size when nn_scope contains only a \0,

do the same on nb_name_encode to avoid a buffer overflow
2013-12-15 21:48:55 +00:00 · 2013-12-15 21:48:55 +00:00 · 55facafc5a
commit 55facafc5a
parent e9f2eda43c
1 changed files with 2 additions and 2 deletions
--- a/dist/smbfs/lib/smb/nb_name.c
+++ b/dist/smbfs/lib/smb/nb_name.c
@ -33,7 +33,7 @@
 */

 #include <sys/cdefs.h>
-__RCSID("$NetBSD: nb_name.c,v 1.6 2013/12/15 21:45:07 stacktic Exp $");
+__RCSID("$NetBSD: nb_name.c,v 1.7 2013/12/15 21:48:55 stacktic Exp $");

 #include <sys/param.h>
 #include <sys/socket.h>
@ -183,7 +183,7 @@ nb_name_encode(struct nb_name *np, u_char *dst)
 		cp += 2;
 	}
 	*cp = 0;
-	if (np->nn_scope == NULL)
+	if (np->nn_scope == NULL || *np->nn_scope == 0)
 		return nb_encname_len(dst);
 	plen = cp++;
 	lblen = 0;