summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2013-08-27 09:36:03 +0000
committerJeremy Allison <jra@samba.org>2013-08-28 23:37:08 +0200
commit91939614760837b2ac2c6bb8b5daac108a4f4670 (patch)
treeb952ab5d8b93696da2c4939510d17082c5ccbdaa
parentac41df91a5a425633fc716ca02187e753879d795 (diff)
downloadsamba-91939614760837b2ac2c6bb8b5daac108a4f4670.tar.gz
samba-91939614760837b2ac2c6bb8b5daac108a4f4670.tar.bz2
samba-91939614760837b2ac2c6bb8b5daac108a4f4670.zip
smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
We have to return this error if the client offered less than the fixed portion of the infolevel data requires Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--source3/smbd/smb2_getinfo.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 698e7752dd..c6a143331b 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -392,6 +392,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
}
+ if (in_output_buffer_length < fixed_portion) {
+ SAFE_FREE(data);
+ tevent_req_nterror(
+ req, NT_STATUS_INFO_LENGTH_MISMATCH);
+ return tevent_req_post(req, ev);
+ }
if (data_size > 0) {
state->out_output_buffer = data_blob_talloc(state,
data,
@@ -434,6 +440,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
}
+ if (in_output_buffer_length < fixed_portion) {
+ SAFE_FREE(data);
+ tevent_req_nterror(
+ req, NT_STATUS_INFO_LENGTH_MISMATCH);
+ return tevent_req_post(req, ev);
+ }
if (data_size > 0) {
state->out_output_buffer = data_blob_talloc(state,
data,