On Thu, 28 Mar 2019 05:05:35 -0500, Steve French wrote: > + /* Now that we know the size, query the list from the server */ > + > + /* Make sure the buf size is big enough even to handle unexpected server behavior */ > + buf = malloc(snap_inf.snapshot_array_size + 300); The buffer length calculations seem pretty arbitrary here, wouldn't it make sense to use something like the following (with a maximum limit)? sizeof(struct smb_snapshot_array) + (snap_inf.number_of_snapshots * GMT_TOKEN_LEN) Cheers, David
