summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2013-08-27 09:37:34 +0000
committerJeremy Allison <jra@samba.org>2013-08-28 23:37:08 +0200
commit40f60024ca19e33cbbe9825b42692f386a8f1dd9 (patch)
treea9d14846733b4409eb6ec87b9d42393d180b6bd5 /source3/smbd
parent91939614760837b2ac2c6bb8b5daac108a4f4670 (diff)
downloadsamba-40f60024ca19e33cbbe9825b42692f386a8f1dd9.tar.gz
samba-40f60024ca19e33cbbe9825b42692f386a8f1dd9.tar.bz2
samba-40f60024ca19e33cbbe9825b42692f386a8f1dd9.zip
smbd: Correctly return BUFFER_OVERFLOW in smb2_getinfo
Also, don't overflow the client buffer Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/smb2_getinfo.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index c6a143331b..4111aa1dc0 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -406,6 +406,11 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
if (tevent_req_nomem(state->out_output_buffer.data, req)) {
return tevent_req_post(req, ev);
}
+ if (data_size > in_output_buffer_length) {
+ state->out_output_buffer.length =
+ in_output_buffer_length;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
}
SAFE_FREE(data);
break;
@@ -454,6 +459,11 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
if (tevent_req_nomem(state->out_output_buffer.data, req)) {
return tevent_req_post(req, ev);
}
+ if (data_size > in_output_buffer_length) {
+ state->out_output_buffer.length =
+ in_output_buffer_length;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
}
SAFE_FREE(data);
break;