Description: fix info leak via SRV_SNAPSHOT_ARRAY response field
Origin: upstream, http://git.samba.org/?p=samba.git;a=commit;h=ab51cd90a077c2938620afedc61e2da21cb509be
Origin: upstream, http://git.samba.org/?p=samba.git;a=commit;h=dbe2ef7f66c4c5cde1e1300675fcb78f4de3af70

Index: samba-4.1.6+dfsg/source3/modules/vfs_default.c
===================================================================
--- samba-4.1.6+dfsg.orig/source3/modules/vfs_default.c	2013-12-05 04:16:48.000000000 -0500
+++ samba-4.1.6+dfsg/source3/modules/vfs_default.c	2014-06-23 14:24:58.269462929 -0400
@@ -1141,7 +1141,7 @@
 		if (!labels) {
 			*out_len = 16;
 		} else {
-			*out_len = 12 + labels_data_count + 4;
+			*out_len = 12 + labels_data_count;
 		}
 
 		if (max_out_len < *out_len) {
@@ -1151,7 +1151,7 @@
 			return NT_STATUS_BUFFER_TOO_SMALL;
 		}
 
-		cur_pdata = talloc_array(ctx, char, *out_len);
+		cur_pdata = talloc_zero_array(ctx, char, *out_len);
 		if (cur_pdata == NULL) {
 			TALLOC_FREE(shadow_data);
 			return NT_STATUS_NO_MEMORY;
@@ -1168,7 +1168,7 @@
 		}
 
 		/* needed_data_count 4 bytes */
-		SIVAL(cur_pdata, 8, labels_data_count + 4);
+		SIVAL(cur_pdata, 8, labels_data_count);
 
 		cur_pdata += 12;