r23007: Ensure we don't allow large read over the possible
authorJeremy Allison <jra@samba.org>
Sat, 19 May 2007 01:27:34 +0000 (01:27 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:22:14 +0000 (12:22 -0500)
packet size.
Jeremy.
(This used to be commit 5d465dd2d559df29d18a844137c8e14ffbb1a269)

source3/smbd/reply.c

index 24fff5da52d0a9f7287d52afcf22a14de1cafec9..c71c7b8beaedbe26244d6d472b4df32f4fc84b82 100644 (file)
@@ -2718,6 +2718,10 @@ int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
                        if (srv_is_signing_active() || srv_encryption_on()) {
                                return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
                        }
+                       /* Is there room in the reply for this data ? */
+                       if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2)))  {
+                               return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+                       }
                        big_readX = True;
                }
        }
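Review bot: The bound added before `big_readX = True` is built from bare constants, so a reader cannot confirm the limit is right without re-deriving it. `0xFFFFFF` looks like the 24-bit packet length field and `smb_size -4 + 12*2` like the reply header plus twelve parameter words, but neither is established by the visible lines; I would name them or expand the comment, e.g. `/* Reply = header (smb_size - 4) + 12 vwv words + data; total must fit the 24-bit packet length (0xFFFFFF). */`. It is also worth confirming that the overhead term accounts for any pad byte placed before the data, because an under-count by even one byte lets a request exactly at the limit through. The comparison is written as `smb_maxcnt > MAX - overhead` rather than summing first, which avoids wrap-around and should stay in that form. reply_read_and_X starts and ends outside the hunk, as does the declaration of `smb_maxcnt`, so its type and the enclosing condition could not be checked here.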