check for requested buffer size in getinfo call

(This used to be commit ed8f16379d01d3dffd2645e2b275aa27507dfec9)
author: Andrew Tridgell <tridge@samba.org> 2008-05-31 13:39:51 +1000
committer: Andrew Tridgell <tridge@samba.org> 2008-05-31 13:39:51 +1000
commit: eb8634b2f02bb0134435a964bb9687f0de32b349 (patch)
tree: 6c602331836e19f6d6315971c412681d951fc49f /source4/smb_server/smb2
parent: 57b7b0fcf64f9d6d3393ee379f8c34a2c369674c (diff)
download: samba-eb8634b2f02bb0134435a964bb9687f0de32b349.tar.gz
samba-eb8634b2f02bb0134435a964bb9687f0de32b349.tar.bz2
samba-eb8634b2f02bb0134435a964bb9687f0de32b349.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/smb_server/smb2/fileinfo.c b/source4/smb_server/smb2/fileinfo.c
index 942000133c..6c4b8f33d5 100644
--- a/source4/smb_server/smb2/fileinfo.c
+++ b/source4/smb_server/smb2/fileinfo.c
@@ -53,6 +53,11 @@ static void smb2srv_getinfo_send(struct ntvfs_request *ntvfs)
 		SMB2SRV_CHECK(op->send_fn(op));
 	}
 
+	if (op->info->in.output_buffer_length < op->info->out.blob.length) {
+		smb2srv_send_error(req,  NT_STATUS_INFO_LENGTH_MISMATCH);
+		return;
+	}
+
 	SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, true, op->info->out.blob.length));
 
 	SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, op->info->out.blob));
author	Andrew Tridgell <tridge@samba.org>	2008-05-31 13:39:51 +1000
committer	Andrew Tridgell <tridge@samba.org>	2008-05-31 13:39:51 +1000
commit	eb8634b2f02bb0134435a964bb9687f0de32b349 (patch)
tree	6c602331836e19f6d6315971c412681d951fc49f /source4/smb_server/smb2
parent	57b7b0fcf64f9d6d3393ee379f8c34a2c369674c (diff)
download	samba-eb8634b2f02bb0134435a964bb9687f0de32b349.tar.gz samba-eb8634b2f02bb0134435a964bb9687f0de32b349.tar.bz2 samba-eb8634b2f02bb0134435a964bb9687f0de32b349.zip