s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob

Signed-off-by: Andrew Tridgell <tridge@samba.org>
author: Andrew Bartlett <abartlet@samba.org> 2011-07-26 14:11:56 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2011-08-03 18:48:04 +1000
commit: 36112a442fd851d79fef847bf75d570454116df8 (patch)
tree: db47b7421c53c624f1b7b5a3b0893ca0a3e39900 /source3/smbd/smb2_sesssetup.c
parent: ef69e140d817688c6bba1b40713001f316421754 (diff)
download: samba-36112a442fd851d79fef847bf75d570454116df8.tar.gz
samba-36112a442fd851d79fef847bf75d570454116df8.tar.bz2
samba-36112a442fd851d79fef847bf75d570454116df8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 45acff2778..a3283117b4 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -758,7 +758,7 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 						out_session_flags,
 						out_security_buffer,
 						out_session_id);
-	} else if (strncmp((char *)(in_security_buffer.data), "NTLMSSP", 7) == 0) {
+	} else if (in_security_buffer.length > 7 && strncmp((char *)(in_security_buffer.data), "NTLMSSP", 7) == 0) {
 		return smbd_smb2_raw_ntlmssp_auth(session,
 						smb2req,
 						in_security_mode,
author	Andrew Bartlett <abartlet@samba.org>	2011-07-26 14:11:56 +1000
committer	Andrew Bartlett <abartlet@samba.org>	2011-08-03 18:48:04 +1000
commit	36112a442fd851d79fef847bf75d570454116df8 (patch)
tree	db47b7421c53c624f1b7b5a3b0893ca0a3e39900 /source3/smbd/smb2_sesssetup.c
parent	ef69e140d817688c6bba1b40713001f316421754 (diff)
download	samba-36112a442fd851d79fef847bf75d570454116df8.tar.gz samba-36112a442fd851d79fef847bf75d570454116df8.tar.bz2 samba-36112a442fd851d79fef847bf75d570454116df8.zip