diff options
author | Jeremy Allison <jra@samba.org> | 2011-09-21 11:40:01 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-09-21 22:12:40 +0200 |
commit | d89bbe9b0a989b8b5b1ecbd43c063a388e122aaf (patch) | |
tree | 158f6cea95b3c3060d51709d8a43901e31933fd1 | |
parent | e68ebe600d9349e16e83aeb8e6ae8647c117d098 (diff) | |
download | samba-d89bbe9b0a989b8b5b1ecbd43c063a388e122aaf.tar.gz samba-d89bbe9b0a989b8b5b1ecbd43c063a388e122aaf.tar.bz2 samba-d89bbe9b0a989b8b5b1ecbd43c063a388e122aaf.zip |
Fix bug #8474 - SMB2 create doesn't cope with an Apple client using NULL blob in create
Cope with zero length data_offset and data_length values.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep 21 22:12:40 CEST 2011 on sn-devel-104
-rw-r--r-- | libcli/smb/smb2_create_blob.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/libcli/smb/smb2_create_blob.c b/libcli/smb/smb2_create_blob.c index 444dc840af..b44f28a01f 100644 --- a/libcli/smb/smb2_create_blob.c +++ b/libcli/smb/smb2_create_blob.c @@ -63,9 +63,10 @@ NTSTATUS smb2_create_blob_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer, name_offset > remaining || name_length != 4 || /* windows enforces this */ name_offset + name_length > remaining || - data_offset < name_offset + name_length || - data_offset > remaining || - data_offset + (uint64_t)data_length > remaining) { + (data_offset && (data_offset < name_offset + name_length)) || + (data_offset && (data_offset > remaining)) || + (data_offset && data_length && + (data_offset + (uint64_t)data_length > remaining))) { return NT_STATUS_INVALID_PARAMETER; } @@ -88,6 +89,9 @@ NTSTATUS smb2_create_blob_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer, data += next; if (remaining < 16) { + DEBUG(0,("smb2_create_blob_parse: remaining1 = %d, next = %d\n", + (int)remaining, + (int)next)); return NT_STATUS_INVALID_PARAMETER; } } |