summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-05-19 01:27:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:22:14 -0500
commit63e74f305920a44606d1b0380c605e00fca14940 (patch)
tree97d412098dee0cffea0ccc7cbe20df92dd7da46c /source3
parent92dba2329fcdb00a756d670bbb303091426a4147 (diff)
downloadsamba-63e74f305920a44606d1b0380c605e00fca14940.tar.gz
samba-63e74f305920a44606d1b0380c605e00fca14940.tar.bz2
samba-63e74f305920a44606d1b0380c605e00fca14940.zip
r23007: Ensure we don't allow large read over the possible
packet size. Jeremy. (This used to be commit 5d465dd2d559df29d18a844137c8e14ffbb1a269)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/reply.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 24fff5da52..c71c7b8bea 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2718,6 +2718,10 @@ int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
if (srv_is_signing_active() || srv_encryption_on()) {
return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
+ /* Is there room in the reply for this data ? */
+ if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
big_readX = True;
}
}