Protect against short read&x replies

author Volker Lendecke <vl@samba.org>

Wed, 13 Aug 2008 17:57:19 +0000 (19:57 +0200)

committer Volker Lendecke <vl@samba.org>

Sat, 23 Aug 2008 13:12:39 +0000 (15:12 +0200)
author Volker Lendecke <vl@samba.org>
Wed, 13 Aug 2008 17:57:19 +0000 (19:57 +0200)
committer Volker Lendecke <vl@samba.org>
Sat, 23 Aug 2008 13:12:39 +0000 (15:12 +0200)
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c

index a57f1e07857e19f3937ad51b9bbfed7c63bbc47f..4d3027694f984aaa363f1910782df832e9e923fc 100644 (file)
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -138,6 +138,10 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
                 return status;
         }
  
+       if (wct < 12) {
+               return NT_STATUS_INVALID_NETWORK_RESPONSE;
+       }
+
         /* size is the number of bytes the server returned.
          * Might be zero. */
         size = SVAL(cli_req->inbuf, smb_vwv5);
author	Volker Lendecke <vl@samba.org>
	Wed, 13 Aug 2008 17:57:19 +0000 (19:57 +0200)
committer	Volker Lendecke <vl@samba.org>
	Sat, 23 Aug 2008 13:12:39 +0000 (15:12 +0200)