authorJeremy Allison <jra@samba.org>2010-09-15 10:50:50 -0700
committerJeremy Allison <jra@samba.org>2010-09-15 10:50:50 -0700
commit627de92521cb20c5387656946bcbf5ecf3be5332 (patch)
tree0fa475558e73b78245e843b8952c8675278bd6f9
parent6400f3ee62108e3dd1e6c1013ccea9fb4b08d562 (diff)
Add check for invalid data size.
Jeremy.
-rw-r--r--source3/smbd/nttrans.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index b602a51611..9b3085c327 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2237,7 +2237,7 @@ static void call_nt_transact_ioctl(connection_struct *conn,
*/
struct dom_sid sid;
uid_t uid;
- size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
+ size_t sid_len;
DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
@@ -2245,6 +2245,13 @@ static void call_nt_transact_ioctl(connection_struct *conn,
return;
}
+ if (data_count < 8) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ sid_len = MIN(data_count-4,SID_MAX_SIZE);
+
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
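Review bot: The threshold in `if (data_count < 8)` is an unexplained magic number, and it still allows `sid_len` to be as small as 4, which is shorter than the 8-byte fixed header of a SID (revision, sub-authority count, 6-byte identifier authority). Assuming `data_count` is unsigned (its declaration is outside the hunk), the guard does stop `data_count-4` from wrapping on a short request, but a 4–7 byte SID buffer is then left for the parsing call further down to reject; that call is not visible here, so confirm it validates the length and that its result is tested before `sid` is used. I would add a comment such as `/* 4 unknown bytes + SID; also keeps data_count-4 from wrapping */`, or, if the parser does require a full header, tighten the test to `if (data_count < 4 + 8) {`. The body of call_nt_transact_ioctl starts and ends outside the hunk.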