3 files changed, 15 insertions, 1 deletions

diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 00857de1c6..5ed5ef5c76 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -115,7 +115,7 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
 		if (sd->dacl == NULL) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		sd->dacl->revision = SD_REVISION;
+		sd->dacl->revision = NT4_ACL_REVISION;
 		sd->dacl->size     = 0;
 		sd->dacl->num_aces = 0;
 		sd->dacl->aces     = NULL;
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index ba92cdc31c..216c9b4a71 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -52,6 +52,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
 	if (token->num_sids > 1) {
 		sd->group_sid = token->user_sids[1];
 	}
+	sd->type |= SEC_DESC_DACL_PRESENT;
 
 	for (i=0;i<token->num_sids;i++) {
 		struct security_ace ace;
diff --git a/source4/smb_server/nttrans.c b/source4/smb_server/nttrans.c
index d405af53d9..27fb4d22db 100644
--- a/source4/smb_server/nttrans.c
+++ b/source4/smb_server/nttrans.c
@@ -413,6 +413,19 @@ void reply_nttrans(struct smbsrv_request *req)
 		return;
 	}
 
+	if (trans.out.setup_count > trans.in.max_setup) {
+		req_reply_error(req, NT_STATUS_BUFFER_TOO_SMALL);
+		return;
+	}
+	if (trans.out.params.length > trans.in.max_param) {
+		status = NT_STATUS_BUFFER_TOO_SMALL;
+		trans.out.params.length = trans.in.max_param;
+	}
+	if (trans.out.data.length > trans.in.max_data) {
+		status = NT_STATUS_BUFFER_TOO_SMALL;
+		trans.out.data.length = trans.in.max_data;
+	}
+
 	params_left = trans.out.params.length;
 	data_left   = trans.out.data.length;
 	params      = trans.out.params.data;