check for a 0 byte in the buffer in SMB2 read

author: Andrew Tridgell <tridge@samba.org> 2008-09-24 17:33:15 -0700
committer: Andrew Tridgell <tridge@samba.org> 2008-09-24 18:10:23 -0700
commit: a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c (patch)
tree: 8aa2f3ff04dece5fd935621d62043a10bd434d1e /source4/smb_server/smb2/fileio.c
parent: 7e57626d1d5a4497ecf5b4c741b8486e7ab97733 (diff)
download: samba-a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c.tar.gz
samba-a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c.tar.bz2
samba-a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c
index 2c322ea587..4f4402ba33 100644
--- a/source4/smb_server/smb2/fileio.c
+++ b/source4/smb_server/smb2/fileio.c
@@ -254,6 +254,12 @@ void smb2srv_read_recv(struct smb2srv_request *req)
 	union smb_read *io;
 
 	SMB2SRV_CHECK_BODY_SIZE(req, 0x30, true);
+
+	/* MS-SMB2 2.2.19 read must have a single byte of zero */
+	if (req->in.body_size - req->in.body_fixed < 1) {
+		smb2srv_send_error(req,  NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
 	SMB2SRV_TALLOC_IO_PTR(io, union smb_read);
 	SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC);
author	Andrew Tridgell <tridge@samba.org>	2008-09-24 17:33:15 -0700
committer	Andrew Tridgell <tridge@samba.org>	2008-09-24 18:10:23 -0700
commit	a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c (patch)
tree	8aa2f3ff04dece5fd935621d62043a10bd434d1e /source4/smb_server/smb2/fileio.c
parent	7e57626d1d5a4497ecf5b4c741b8486e7ab97733 (diff)
download	samba-a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c.tar.gz samba-a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c.tar.bz2 samba-a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c.zip