diff options
author | Jeremy Allison <jra@samba.org> | 2003-10-16 18:17:41 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-10-16 18:17:41 +0000 |
commit | eafd0371402009db8051d04b1ae988e8f8817031 (patch) | |
tree | 2d6087637547e4cc93ad33558868d22f79fd2252 /source3/smbd | |
parent | 21d53cbbaef23bce63ff4deebf9273ac036e7979 (diff) | |
download | samba-eafd0371402009db8051d04b1ae988e8f8817031.tar.gz samba-eafd0371402009db8051d04b1ae988e8f8817031.tar.bz2 samba-eafd0371402009db8051d04b1ae988e8f8817031.zip |
Fix buggy data_len calculation in echo. Add paranoia debug message.
Jeremy.
(This used to be commit 8fb05cfa3afd9777c161271c4c3cec0d6d5150f2)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/reply.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index ec63be32b4..011186ba89 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2784,7 +2784,11 @@ int reply_echo(connection_struct *conn, int outsize = set_message(outbuf,1,data_len,True); START_PROFILE(SMBecho); - data_len = MIN(data_len, (sizeof(inbuf)-(smb_buf(inbuf)-inbuf))); + if (data_len > BUFFER_SIZE) { + DEBUG(0,("reply_echo: data_len too large.\n")); + END_PROFILE(SMBecho); + return -1; + } /* copy any incoming data back out */ if (data_len > 0) |