diff options
| author | Jeremy Allison <jra@samba.org> | 2003-10-16 18:17:41 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2003-10-16 18:17:41 +0000 |
| commit | eafd0371402009db8051d04b1ae988e8f8817031 (patch) | |
| tree | 2d6087637547e4cc93ad33558868d22f79fd2252 | |
| parent | 21d53cbbaef23bce63ff4deebf9273ac036e7979 (diff) | |
| download | samba-eafd0371402009db8051d04b1ae988e8f8817031.tar.gz samba-eafd0371402009db8051d04b1ae988e8f8817031.tar.bz2 samba-eafd0371402009db8051d04b1ae988e8f8817031.zip | |
Fix buggy data_len calculation in echo. Add paranoia debug message.
Jeremy.
(This used to be commit 8fb05cfa3afd9777c161271c4c3cec0d6d5150f2)
| -rw-r--r-- | source3/smbd/reply.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index ec63be32b4..011186ba89 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2784,7 +2784,11 @@ int reply_echo(connection_struct *conn, int outsize = set_message(outbuf,1,data_len,True); START_PROFILE(SMBecho); - data_len = MIN(data_len, (sizeof(inbuf)-(smb_buf(inbuf)-inbuf))); + if (data_len > BUFFER_SIZE) { + DEBUG(0,("reply_echo: data_len too large.\n")); + END_PROFILE(SMBecho); + return -1; + } /* copy any incoming data back out */ if (data_len > 0) |