{
this_data = SVAL(inbuf,smb_drcnt);
this_param = SVAL(inbuf,smb_prcnt);
+
+ if (this_data + *data_len > total_data ||
+ this_param + *param_len > total_param) {
+ DEBUG(1,("Data overflow in cli_receive_trans_response\n"));
+ return False;
+ }
+
if (this_data)
memcpy(*data + SVAL(inbuf,smb_drdisp),
smb_base(inbuf) + SVAL(inbuf,smb_droff),
/* send a session setup command */
bzero(outbuf,smb_size);
+ if (passlen > MAX_PASSWORD_LENGTH) {
+ DEBUG(1,("password too long %d\n", passlen));
+ return False;
+ }
+
if (Protocol < PROTOCOL_NT1) {
set_message(outbuf,10,1 + strlen(username) + passlen,True);
CVAL(outbuf,smb_com) = SMBsesssetupX;