summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--libcli/smb/smbXcli_base.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index dcec6ed79e..14737fb8b1 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3952,16 +3952,23 @@ static NTSTATUS smbXcli_negprot_dispatch_incoming(struct smbXcli_conn *conn,
struct tevent_req *subreq;
struct smbXcli_req_state *substate;
struct tevent_req *req;
- uint32_t protocol_magic = IVAL(inbuf, 4);
+ uint32_t protocol_magic;
+ size_t inbuf_len = smb_len_nbt(inbuf);
if (num_pending != 1) {
return NT_STATUS_INTERNAL_ERROR;
}
+ if (inbuf_len < 4) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
subreq = conn->pending[0];
substate = tevent_req_data(subreq, struct smbXcli_req_state);
req = tevent_req_callback_data(subreq, struct tevent_req);
+ protocol_magic = IVAL(inbuf, 4);
+
switch (protocol_magic) {
case SMB_MAGIC:
tevent_req_set_callback(subreq, smbXcli_negprot_smb1_done, req);
generated by cgit (git 2.34.1) at 2024-11-25 23:59:53 +0000