(parent:
92dba23
)
r23007: Ensure we don't allow large read over the possible
author
Jeremy Allison
<jra@samba.org>
Sat, 19 May 2007 01:27:34 +0000
(
01:27
+0000)
committer
Gerald (Jerry) Carter
<jerry@samba.org>
Wed, 10 Oct 2007 17:22:14 +0000
(12:22 -0500)
packet size.
Jeremy.
(This used to be commit
5d465dd2d559df29d18a844137c8e14ffbb1a269
)
source3/smbd/reply.c
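--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2718,6 +2718,10 @@ int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 if (srv_is_signing_active() || srv_encryption_on()) {
 return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
 }
+ /* Is there room in the reply for this data ? */
+ if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
 big_readX = True;
 }
 }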
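Review bot: The limit in the added `if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2)))` is built from bare numbers, so a reader auditing this bounds check cannot tell what each term protects without outside knowledge. I would extend the comment above it to something like `/* 0xFFFFFF: largest length the packet length field can carry (presumably 24 bits); smb_size-4 + 12*2: reply header plus 12 parameter words */`, after confirming those meanings against the protocol definitions. The check also sits inside a nested branch whose opening conditions are outside the hunk, so it bounds `smb_maxcnt` only on the path that sets `big_readX`; whether reads on the other paths are bounded elsewhere is not visible here.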