diff options
author | Jeremy Allison <jra@samba.org> | 2010-09-15 10:50:50 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-09-15 10:50:50 -0700 |
commit | 627de92521cb20c5387656946bcbf5ecf3be5332 (patch) | |
tree | 0fa475558e73b78245e843b8952c8675278bd6f9 /source3 | |
parent | 6400f3ee62108e3dd1e6c1013ccea9fb4b08d562 (diff) | |
download | samba-627de92521cb20c5387656946bcbf5ecf3be5332.tar.gz samba-627de92521cb20c5387656946bcbf5ecf3be5332.tar.bz2 samba-627de92521cb20c5387656946bcbf5ecf3be5332.zip |
Add check for invalid data size.
Jeremy.
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/nttrans.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index b602a51611..9b3085c327 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2237,7 +2237,7 @@ static void call_nt_transact_ioctl(connection_struct *conn, */ struct dom_sid sid; uid_t uid; - size_t sid_len = MIN(data_count-4,SID_MAX_SIZE); + size_t sid_len; DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum)); @@ -2245,6 +2245,13 @@ static void call_nt_transact_ioctl(connection_struct *conn, return; } + if (data_count < 8) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; + } + + sid_len = MIN(data_count-4,SID_MAX_SIZE); + /* unknown 4 bytes: this is not the length of the sid :-( */ /*unknown = IVAL(pdata,0);*/ |