diff options
author | Volker Lendecke <vl@samba.org> | 2013-08-27 09:36:03 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2013-08-28 23:37:08 +0200 |
commit | 91939614760837b2ac2c6bb8b5daac108a4f4670 (patch) | |
tree | b952ab5d8b93696da2c4939510d17082c5ccbdaa | |
parent | ac41df91a5a425633fc716ca02187e753879d795 (diff) | |
download | samba-91939614760837b2ac2c6bb8b5daac108a4f4670.tar.gz samba-91939614760837b2ac2c6bb8b5daac108a4f4670.tar.bz2 samba-91939614760837b2ac2c6bb8b5daac108a4f4670.zip |
smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
We have to return this error if the client offered less than the fixed
portion of the infolevel data requires
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/smbd/smb2_getinfo.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index 698e7752dd..c6a143331b 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -392,6 +392,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, tevent_req_nterror(req, status); return tevent_req_post(req, ev); } + if (in_output_buffer_length < fixed_portion) { + SAFE_FREE(data); + tevent_req_nterror( + req, NT_STATUS_INFO_LENGTH_MISMATCH); + return tevent_req_post(req, ev); + } if (data_size > 0) { state->out_output_buffer = data_blob_talloc(state, data, @@ -434,6 +440,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, tevent_req_nterror(req, status); return tevent_req_post(req, ev); } + if (in_output_buffer_length < fixed_portion) { + SAFE_FREE(data); + tevent_req_nterror( + req, NT_STATUS_INFO_LENGTH_MISMATCH); + return tevent_req_post(req, ev); + } if (data_size > 0) { state->out_output_buffer = data_blob_talloc(state, data, |