author | Stefan Metzmacher <metze@samba.org> | 2011-11-18 13:20:43 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-11-18 15:13:52 +0100 |
commit | 20df0f34a8670f0dd5f3eaeb74af900f535bbe01 (patch) | |
tree | 56874cef916091871199bde308f74924b4909676 /source3/libsmb | |
parent | d3cb61cf05485eda26280186bfa3850e2e6bcca9 (diff) | |
s3:libsmb: verify num_setup for SMBnttrans in cli_pull_trans()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Nov 18 15:13:52 CET 2011 on sn-devel-104
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/clitrans.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 8ac31d89f1..5c73e2da74 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -120,6 +120,7 @@ static NTSTATUS cli_pull_trans(uint8_t *inbuf,
 if (wct < 18) {
 return NT_STATUS_INVALID_NETWORK_RESPONSE;
 }
+ expected_num_setup = wct - 18;
 *ptotal_param = IVAL(vwv, 3);
 *ptotal_data = IVAL(vwv, 7);
 *pnum_param = IVAL(vwv, 11);
@@ -129,6 +130,9 @@ static NTSTATUS cli_pull_trans(uint8_t *inbuf,
 data_ofs = IVAL(vwv, 27);
 *pdata_disp = IVAL(vwv, 31);
 *pnum_setup = CVAL(vwv, 35);
+ if (expected_num_setup < (*pnum_setup)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
 *psetup = vwv + 18;
 break;
|
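Review bot: In the second hunk the count is stored through `*pnum_setup` before the new comparison runs, so on the `NT_STATUS_INVALID_NETWORK_RESPONSE` return the caller's variable still holds a server-supplied value that was just found not to fit in the `wct - 18` setup words, while `*psetup` is left unset. Reading into a local and assigning only after the check keeps unvalidated data out of the out-parameters: `uint8_t num_setup = CVAL(vwv, 35);`, `if (num_setup > expected_num_setup) { return NT_STATUS_INVALID_NETWORK_RESPONSE; }`, `*pnum_setup = num_setup;`. A one-line comment on the check, such as `/* num_setup is taken from the reply and must fit in the words that follow the 18 fixed ones */`, would also record why the bound exists, since 18 appears as a bare number in both hunks. The rest of cli_pull_trans, including the declaration of `expected_num_setup` and how callers treat the outputs on failure, lies outside both hunks, so the impact of the early store is inferred rather than shown.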