From 9f7791a909a17bfbeaa06145d803654b76441d3f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 11 Jun 2020 14:42:49 +0200
Subject: [PATCH] libsmb: Add overflow protection to
 symlink_reparse_buffer_marshall()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source3/libsmb/reparse_symlink.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/reparse_symlink.c b/source3/libsmb/reparse_symlink.c
index f981b5fcce7..b0b51814a55 100644
--- a/source3/libsmb/reparse_symlink.c
+++ b/source3/libsmb/reparse_symlink.c
@@ -53,7 +53,15 @@ bool symlink_reparse_buffer_marshall(
 				   &print_utf16, &print_len)) {
 		goto fail;
 	}
-	dst_len = 20 + subst_len + print_len;
+
+	dst_len = subst_len + 20;
+	if (dst_len < 20) {
+		goto fail;
+	}
+	dst_len += print_len;
+	if (dst_len < print_len) {
+		goto fail;
+	}
 	dst = talloc_array(mem_ctx, uint8_t, dst_len);
 	if (dst == NULL) {
 		goto fail;
-- 
2.34.1