r17930: Merge noinclude branch:

[gd/samba-autobuild/.git] / source4 / libcli / raw / rawtrans.c

diff --git a/source4/libcli/raw/rawtrans.c b/source4/libcli/raw/rawtrans.c
index 118ac5e3fdf90743d98ab7a81e3d2a6216a725c3..cd309e0736bb9b861f8599b3d444b3e763dc1938 100644 (file)
--- a/source4/libcli/raw/rawtrans.c
+++ b/source4/libcli/raw/rawtrans.c
@@ -20,7 +20,7 @@
 */
 
 #include "includes.h"
-#include "dlinklist.h"
+#include "lib/util/dlinklist.h"
 #include "libcli/raw/libcliraw.h"
 
 #define TORTURE_TRANS_DATA 0
@@ -216,6 +216,14 @@ struct smbcli_request *smb_raw_trans_send_backend(struct smbcli_tree *tree,
        size_t namelen = 0;
        uint16_t data_disp, data_length, max_data;
 
+       if (parms->in.params.length > UINT16_MAX ||
+           parms->in.data.length > UINT16_MAX) {
+               DEBUG(3,("Attempt to send invalid trans2 request (params %u, data %u)\n",
+                        (unsigned)parms->in.params.length, (unsigned)parms->in.data.length));
+               return NULL;
+       }
+           
+
        if (command == SMBtrans)
                padding = 1;
        else
@@ -332,7 +340,10 @@ struct smbcli_request *smb_raw_trans_send_backend(struct smbcli_tree *tree,
                SSVAL(req2->out.vwv,VWV(7), data_disp);
                SSVAL(req2->out.vwv,VWV(8), 0xFFFF);
 
-               memcpy(req2->out.data, parms->in.data.data + data_disp, data_length);
+               if (data_length != 0) {
+                       memcpy(req2->out.data, parms->in.data.data + data_disp, 
+                              data_length);
+               }
                
                data_disp += data_length;