libcli/auth: reject computer_name longer than 15 chars
author: Stefan Metzmacher <metze@samba.org>
Fri, 10 Jan 2014 12:13:40 +0000 (13:13 +0100)
committer: Stefan Metzmacher <metze@samba.org>
Wed, 22 Jan 2014 16:12:14 +0000 (17:12 +0100)
This matches Windows, it seems they use a fixed size field to store
netlogon_creds_CredentialState.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/auth/schannel_state_tdb.c

index 8c893ee08eedc726ac4870bf1ccccf3ddfd9ce95..6669b465b731cc4cb0716a2cd7db52286490b52f 100644 (file)
@@ -78,6 +78,14 @@ NTSTATUS schannel_store_session_key_tdb(struct db_context *db_sc,
        char *name_upper;
        NTSTATUS status;
 
+       if (strlen(creds->computer_name) > 15) {
+               /*
+                * We may want to check for a completely
+                * valid netbios name.
+                */
+               return STATUS_BUFFER_OVERFLOW;
+       }
+
        name_upper = strupper_talloc(mem_ctx, creds->computer_name);
        if (!name_upper) {
                return NT_STATUS_NO_MEMORY;
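
Review bot: The new early return in schannel_store_session_key_tdb() uses STATUS_BUFFER_OVERFLOW, while the next return in the same function uses the NT_STATUS_ prefixed form (NT_STATUS_NO_MEMORY). Nothing is being copied into a buffer at this point, so a status that names the rejected input (for example NT_STATUS_INVALID_PARAMETER) would be easier for callers and log readers to interpret. If the overflow status is chosen deliberately to mirror what Windows returns, please say so in the comment. Two smaller points on the same `if`: the literal 15 should be a named constant with a note that it is the NetBIOS name limit the commit message alludes to, and `strlen()` counts bytes rather than characters, so a name containing multibyte characters is rejected earlier than the "15 chars" in the subject line suggests. The in-code comment about checking for a completely valid netbios name reads as an open TODO; either mark it as such or drop it.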