diff options
| author | Jeremy Allison <jra@samba.org> | 2008-05-28 09:31:42 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-05-28 09:31:42 -0700 |
| commit | d36434f31268b75040311352f23c92c9a61e8cda (patch) | |
| tree | fc19fb649d4a6ecf29f43b872975c7f6eeaeebd3 /source3/smbd | |
| parent | 611072fc1cd94e6c9d56ce910fd13f007f6ecb84 (diff) | |
| download | samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.gz samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.bz2 samba-d36434f31268b75040311352f23c92c9a61e8cda.zip | |
Security fix for CVE-2008-1105: Boundary failure when parsing SMB responses
can result in a buffer overrun.
Jeremy.
(This used to be commit 23b825e9d2c74c5b940cf4d3aa56c18692259972)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/process.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index c8ad19dd15..71e38634b7 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -120,9 +120,7 @@ static bool valid_packet_size(size_t len) if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) { DEBUG(0,("Invalid packet length! (%lu bytes).\n", (unsigned long)len)); - if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) { - return false; - } + return false; } return true; } |