As requested I changed the buffer size malloced to be more obvious - in this case to match exactly what is returned from the first call (i.e. snapshot length + the sizeof the snapshot info structure which precedes the snapshot list, i.e. 16 bytes). The snapshot array size is 12 bytes, but rounding it to an 8 byte boundary causes the minimum to be 16 bytes.

On Thu, Mar 28, 2019 at 11:02 AM David Disseldorp wrote:
>
> On Thu, 28 Mar 2019 05:05:35 -0500, Steve French wrote:
>
> > + /* Now that we know the size, query the list from the server */
> > +
> > + /* Make sure the buf size is big enough even to handle unexpected server behavior */
> > + buf = malloc(snap_inf.snapshot_array_size + 300);
>
> The buffer length calculations seem pretty arbitrary here, wouldn't it
> make sense to use something like the following (with a maximum limit)?
>   sizeof(struct smb_snapshot_array) +
>       (snap_inf.number_of_snapshots * GMT_TOKEN_LEN)
>
> Cheers, David

--
Thanks,

Steve
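
Review bot: the malloc() size on the last added line is snap_inf.snapshot_array_size + 300, a server-reported value plus arbitrary slack, with no upper bound and no NULL check visible in these lines. Cap snapshot_array_size at a fixed maximum before the addition (which also rules out wraparound if the field is 32 bits wide), size the buffer as header plus reported length, and check the malloc() result before the second query writes into buf.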
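
The sizing discussed in this thread (16-byte header plus the list length reported by the first call, with a maximum limit), followed by a check of the second reply against the allocated length. This is an added example, not code from the patch; the header layout, the `number_of_snapshots_returned` field name, the 1 MiB cap and the token length of 50 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SNAP_HDR_LEN   16u         /* header size stated in the thread */
#define SNAP_MAX_ARRAY (1u << 20)  /* assumed cap on the reported list length */

/* Assumed header layout: three 32-bit fields (12 bytes) padded to 16. */
struct snap_hdr {
	uint32_t number_of_snapshots;
	uint32_t number_of_snapshots_returned; /* assumed field name */
	uint32_t snapshot_array_size;
	uint32_t pad;
};

/* Buffer length for the second query, or 0 if the reported size is rejected. */
size_t snap_buf_len(uint32_t reported_array_size)
{
	if (reported_array_size > SNAP_MAX_ARRAY)
		return 0;
	return (size_t)SNAP_HDR_LEN + reported_array_size;
}

/* Check the second reply against the buffer actually allocated: 0 ok, -1 reject. */
int snap_reply_ok(const struct snap_hdr *h, size_t buf_len, size_t token_len)
{
	if (buf_len < SNAP_HDR_LEN || token_len == 0)
		return -1;
	if (h->snapshot_array_size > buf_len - SNAP_HDR_LEN)
		return -1; /* list grew between the two calls */
	if (h->number_of_snapshots_returned > h->snapshot_array_size / token_len)
		return -1; /* count claims more tokens than the list holds */
	return 0;
}

int main(void)
{
	/* Constructed replies; 50 is a constructed per-token length. */
	struct snap_hdr ok = { 1, 1, 50, 0 }, grown = { 3, 3, 150, 0 };
	size_t len = snap_buf_len(ok.snapshot_array_size);

	printf("buf_len=%zu ok=%d grown=%d\n", len,
	       snap_reply_ok(&ok, len, 50), snap_reply_ok(&grown, len, 50));
	return 0;
}
```

The second check matters because the snapshot list can change between the two calls, so the reply is validated against the length that was allocated rather than the length that was expected.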