git.samba.org
/
bbaumbach
/
samba-autobuild
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
21d53cb
)
Fix buggy data_len calculation in echo. Add paranoia debug message.
author
Jeremy Allison
<jra@samba.org>
Thu, 16 Oct 2003 18:17:41 +0000
(18:17 +0000)
committer
Jeremy Allison
<jra@samba.org>
Thu, 16 Oct 2003 18:17:41 +0000
(18:17 +0000)
Jeremy.
(This used to be commit
8fb05cfa3afd9777c161271c4c3cec0d6d5150f2
)
source3/smbd/reply.c
patch
|
blob
|
history
diff --git
a/source3/smbd/reply.c
b/source3/smbd/reply.c
index ec63be32b4091d2d52d0e416bb44c2cf7732b3c7..011186ba89caf0b1309650a5da8fe858ae5ed404 100644
(file)
--- a/
source3/smbd/reply.c
+++ b/
source3/smbd/reply.c
@@
-2784,7
+2784,11
@@
int reply_echo(connection_struct *conn,
int outsize = set_message(outbuf,1,data_len,True);
START_PROFILE(SMBecho);
- data_len = MIN(data_len, (sizeof(inbuf)-(smb_buf(inbuf)-inbuf)));
+ if (data_len > BUFFER_SIZE) {
+ DEBUG(0,("reply_echo: data_len too large.\n"));
+ END_PROFILE(SMBecho);
+ return -1;
+ }
/* copy any incoming data back out */
if (data_len > 0)