Security fix for CVE-2008-1105: Boundary failure when parsing SMB responses

can result in a buffer overrun.
Jeremy.
(This used to be commit 23b825e9d2c74c5b940cf4d3aa56c18692259972)

1 files changed, 4 insertions, 2 deletions

diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index e128e1ce34..d274e09299 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -171,7 +171,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 		if (c != -1 && FD_ISSET(c, &fds)) {
 			size_t len;
 			if (!NT_STATUS_IS_OK(receive_smb_raw(
-						     c, packet, 0, 0, &len))) {
+							c, packet, sizeof(packet),
+							0, 0, &len))) {
 				d_printf("client closed connection\n");
 				exit(0);
 			}
@@ -184,7 +185,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 		if (s != -1 && FD_ISSET(s, &fds)) {
 			size_t len;
 			if (!NT_STATUS_IS_OK(receive_smb_raw(
-						     s, packet, 0, 0, &len))) {
+							s, packet, sizeof(packet),
+							0, 0, &len))) {
 				d_printf("server closed connection\n");
 				exit(0);
 			}