diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-10-12 17:46:50 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-10-13 03:32:02 +0200 |
commit | 5e04231e961f10656384a6f16104d0d55b6f3e0e (patch) | |
tree | 71478c9e67126252576961854ac170cacb982e77 | |
parent | 6981f1114792cc251bf1e05183dd88f5d351ab09 (diff) | |
download | samba-5e04231e961f10656384a6f16104d0d55b6f3e0e.tar.gz samba-5e04231e961f10656384a6f16104d0d55b6f3e0e.tar.bz2 samba-5e04231e961f10656384a6f16104d0d55b6f3e0e.zip |
s3:smb2_server: get/set info are limited by max_trans size (bug #8473)
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Oct 13 03:32:02 CEST 2011 on sn-devel-104
-rw-r--r-- | source3/smbd/smb2_getinfo.c | 7 | ||||
-rw-r--r-- | source3/smbd/smb2_setinfo.c | 4 |
2 files changed, 11 insertions, 0 deletions
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index 61e0cfa06c..c5d2d62cd9 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -90,6 +90,13 @@ NTSTATUS smbd_smb2_request_process_getinfo(struct smbd_smb2_request *req) in_input_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base; in_input_buffer.length = in_input_buffer_length; + if (in_input_buffer.length > req->sconn->smb2.max_trans) { + return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); + } + if (in_output_buffer_length > req->sconn->smb2.max_trans) { + return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); + } + if (req->compat_chain_fsp) { /* skip check */ } else if (in_file_id_persistent != in_file_id_volatile) { diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c index 2d39f11bb5..751190ac62 100644 --- a/source3/smbd/smb2_setinfo.c +++ b/source3/smbd/smb2_setinfo.c @@ -81,6 +81,10 @@ NTSTATUS smbd_smb2_request_process_setinfo(struct smbd_smb2_request *req) in_input_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base; in_input_buffer.length = in_input_buffer_length; + if (in_input_buffer.length > req->sconn->smb2.max_trans) { + return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); + } + if (req->compat_chain_fsp) { /* skip check */ } else if (in_file_id_persistent != in_file_id_volatile) { |