From 891fa216ead2c5001bc8c671639ae59be79b968b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 17 Aug 2007 01:55:58 +0000
Subject: r24501: Added bcc test for reply_tcon & removed Vl's comment :-).
 Jeremy. (This used to be commit 9d9ed41f2139051578c35f80112640cffb5f7608)

---
 source3/smbd/reply.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'source3')

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index a2ea35b115..ce3eebff99 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -442,12 +442,11 @@ void reply_tcon(connection_struct *conn, struct smb_request *req)
 
 	START_PROFILE(SMBtcon);
 
-	/********************************************************************
-	 * Warning! I'm not sure that the inbuf length check is actually 
-	 * correct here. -- vl
-	 *
-	 * Jeremy, please check and remove this comment :-)
-	 ********************************************************************/
+	if (smb_buflen(req->inbuf) < 4) {
+		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		END_PROFILE(SMBtcon);
+		return;
+	}
 
 	p = smb_buf(req->inbuf)+1;
 	p += srvstr_pull_buf_talloc(req, req->inbuf, req->flags2,
-- 
cgit