git.samba.org / gd / samba-autobuild / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 735fc34)
smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
authorStefan Metzmacher <metze@samba.org>
Wed, 15 Sep 2021 15:22:39 +0000 (17:22 +0200)
committerRalph Boehme <slow@samba.org>
Wed, 1 Dec 2021 11:04:29 +0000 (11:04 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/smbd/smb2_server.c patch | blob | history

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 4f302c3541934ebe7c5b992c3440ac8148f9ed32..fd02c129c408276fd5b1e9280b4b632af6e257b3 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3194,7 +3194,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
                const uint8_t *body = SMBD_SMB2_IN_BODY_PTR(req);
                size_t body_size = SMBD_SMB2_IN_BODY_LEN(req);
                uint32_t in_ctl_code;
-               size_t needed = 4;
+               size_t needed = 8;
 
                if (needed > body_size) {
                        return smbd_smb2_request_error(req,
Unnamed repository; edit this file 'description' to name the repository.