From 56cd17dfe145c2df2b39ad295136c4922bee8e43 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 13 Aug 2008 19:57:19 +0200
Subject: Protect against short read&x replies (This used to be commit
 4ed73cbbbeff4b554cc8d28252b756241396b3a1)

---
 source3/libsmb/clireadwrite.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'source3/libsmb/clireadwrite.c')

diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index a57f1e0785..4d3027694f 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -138,6 +138,10 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
 		return status;
 	}
 
+	if (wct < 12) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+
 	/* size is the number of bytes the server returned.
 	 * Might be zero. */
 	size = SVAL(cli_req->inbuf, smb_vwv5);
-- 
cgit