From d36434f31268b75040311352f23c92c9a61e8cda Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 May 2008 09:31:42 -0700 Subject: Security fix for CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun. Jeremy. (This used to be commit 23b825e9d2c74c5b940cf4d3aa56c18692259972) --- source3/utils/smbfilter.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/utils/smbfilter.c')
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index e128e1ce34..d274e09299 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -171,7 +171,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 if (c != -1 && FD_ISSET(c, &fds)) {
 size_t len;
 if (!NT_STATUS_IS_OK(receive_smb_raw(
- c, packet, 0, 0, &len))) {
+ c, packet, sizeof(packet),
+ 0, 0, &len))) {
 d_printf("client closed connection\n");
 exit(0);
 }
@@ -184,7 +185,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 if (s != -1 && FD_ISSET(s, &fds)) {
 size_t len;
 if (!NT_STATUS_IS_OK(receive_smb_raw(
- s, packet, 0, 0, &len))) {
+ s, packet, sizeof(packet),
+ 0, 0, &len))) {
 d_printf("server closed connection\n");
 exit(0);
 }
-- cgit
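Review bot: Every non-OK status from `receive_smb_raw` in the client branch still ends in `d_printf("client closed connection\n"); exit(0);`, so a frame refused because of the new `sizeof(packet)` bound (presumably what the callee now does with an oversized length; its body is not in this diff) is reported exactly like an ordinary disconnect. Keep the status and print it, e.g. `NTSTATUS status = receive_smb_raw(c, packet, sizeof(packet), 0, 0, &len);` followed by `d_printf("client read failed: %s\n", nt_errstr(status));`, so an operator can tell a boundary rejection from a peer hang-up. The server branch in the second hunk has the same pattern and would take the same change. filter_child's body starts and ends outside the hunk.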
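Review bot: `sizeof(packet)` in the server branch is the right bound only while `packet` is a real array at this point; its declaration is outside the hunk, and if it ever becomes a pointer to a heap buffer the expression silently shrinks to the pointer size. A short comment at the call, `/* packet must remain an array: sizeof(packet) is the receive bound */`, or passing the same named size constant used in the declaration, would keep the bound tied to the buffer. The client call in the first hunk relies on the same assumption.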