git.samba.org / bbaumbach / samba-autobuild / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 21d53cb)
Fix buggy data_len calculation in echo. Add paranoia debug message.
authorJeremy Allison <jra@samba.org>
Thu, 16 Oct 2003 18:17:41 +0000 (18:17 +0000)
committerJeremy Allison <jra@samba.org>
Thu, 16 Oct 2003 18:17:41 +0000 (18:17 +0000)
Jeremy.
(This used to be commit 8fb05cfa3afd9777c161271c4c3cec0d6d5150f2)

source3/smbd/reply.c patch | blob | history

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index ec63be32b4091d2d52d0e416bb44c2cf7732b3c7..011186ba89caf0b1309650a5da8fe858ae5ed404 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2784,7 +2784,11 @@ int reply_echo(connection_struct *conn,
        int outsize = set_message(outbuf,1,data_len,True);
        START_PROFILE(SMBecho);
 
-       data_len = MIN(data_len, (sizeof(inbuf)-(smb_buf(inbuf)-inbuf)));
+       if (data_len > BUFFER_SIZE) {
+               DEBUG(0,("reply_echo: data_len too large.\n"));
+               END_PROFILE(SMBecho);
+               return -1;
+       }
 
        /* copy any incoming data back out */
        if (data_len > 0)
Unnamed repository; edit this file 'description' to name the repository.