From 35d09869edf09b2af394a3eea1ee7b9ef1ba696b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 5 Jul 2007 18:28:18 +0000
Subject: r23728: First part of bugfix for #4763. Limit notify responses to
 client max buf size. Jeremy. (This used to be commit
 6113f56919a3cd7fd753808dbbe473603851bc3c)

---
 source3/smbd/notify.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index 1b75916942..746a8f47e5 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -22,6 +22,9 @@
 
 #include "includes.h"
 
+/* Max size we can send to client in a notify response. */
+extern int max_send;
+
 struct notify_change_request {
 	struct notify_change_request *prev, *next;
 	struct files_struct *fsp;	/* backpointer for cancel by mid */
@@ -147,6 +150,15 @@ void change_notify_reply(const char *request_buf,
 
 	buflen = smb_size+38+prs_offset(&ps) + 4 /* padding */;
 
+	if (buflen > max_send) {
+		/*
+		 * We exceed what the client is willing to accept. Send
+		 * nothing.
+		 */
+		change_notify_reply_packet(request_buf, NT_STATUS_OK);
+		goto done;
+	}
+
 	if (!(outbuf = SMB_MALLOC_ARRAY(char, buflen))) {
 		change_notify_reply_packet(request_buf, NT_STATUS_NO_MEMORY);
 		goto done;
-- 
cgit