Security fix for CVE-2008-1105: Boundary failure when parsing SMB responses

can result in a buffer overrun. Jeremy. (This used to be commit 23b825e9d2c74c5b940cf4d3aa56c18692259972)
author: Jeremy Allison <jra@samba.org> 2008-05-28 09:31:42 -0700
committer: Jeremy Allison <jra@samba.org> 2008-05-28 09:31:42 -0700
commit: d36434f31268b75040311352f23c92c9a61e8cda (patch)
tree: fc19fb649d4a6ecf29f43b872975c7f6eeaeebd3 /source3/smbd/process.c
parent: 611072fc1cd94e6c9d56ce910fd13f007f6ecb84 (diff)
download: samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.gz
samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.bz2
samba-d36434f31268b75040311352f23c92c9a61e8cda.zip
1 files changed, 1 insertions, 3 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c8ad19dd15..71e38634b7 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -120,9 +120,7 @@ static bool valid_packet_size(size_t len)
 	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
 		DEBUG(0,("Invalid packet length! (%lu bytes).\n",
 					(unsigned long)len));
-		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
-			return false;
-		}
+		return false;
 	}
 	return true;
 }
author	Jeremy Allison <jra@samba.org>	2008-05-28 09:31:42 -0700
committer	Jeremy Allison <jra@samba.org>	2008-05-28 09:31:42 -0700
commit	d36434f31268b75040311352f23c92c9a61e8cda (patch)
tree	fc19fb649d4a6ecf29f43b872975c7f6eeaeebd3 /source3/smbd/process.c
parent	611072fc1cd94e6c9d56ce910fd13f007f6ecb84 (diff)
download	samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.gz samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.bz2 samba-d36434f31268b75040311352f23c92c9a61e8cda.zip