check for a 0 byte in the buffer in SMB2 read

author Andrew Tridgell <tridge@samba.org>

Thu, 25 Sep 2008 00:33:15 +0000 (17:33 -0700)

committer Andrew Tridgell <tridge@samba.org>

Thu, 25 Sep 2008 01:10:23 +0000 (18:10 -0700)
author Andrew Tridgell <tridge@samba.org>
Thu, 25 Sep 2008 00:33:15 +0000 (17:33 -0700)
committer Andrew Tridgell <tridge@samba.org>
Thu, 25 Sep 2008 01:10:23 +0000 (18:10 -0700)
diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c

index 2c322ea58765e5763f0cd674c9509c9a9127bda9..4f4402ba3301d2e11ab20958807376c6d925ce70 100644 (file)
--- a/source4/smb_server/smb2/fileio.c
+++ b/source4/smb_server/smb2/fileio.c
@@ -254,6 +254,12 @@ void smb2srv_read_recv(struct smb2srv_request *req)
         union smb_read *io;
  
         SMB2SRV_CHECK_BODY_SIZE(req, 0x30, true);
+
+       /* MS-SMB2 2.2.19 read must have a single byte of zero */
+       if (req->in.body_size - req->in.body_fixed < 1) {
+               smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+               return;
+       }
         SMB2SRV_TALLOC_IO_PTR(io, union smb_read);
         SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
author	Andrew Tridgell <tridge@samba.org>
	Thu, 25 Sep 2008 00:33:15 +0000 (17:33 -0700)
committer	Andrew Tridgell <tridge@samba.org>
	Thu, 25 Sep 2008 01:10:23 +0000 (18:10 -0700)