From eb8634b2f02bb0134435a964bb9687f0de32b349 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sat, 31 May 2008 13:39:51 +1000
Subject: check for requested buffer size in getinfo call
(This used to be commit ed8f16379d01d3dffd2645e2b275aa27507dfec9)
---
 source4/smb_server/smb2/fileinfo.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'source4/smb_server/smb2')
diff --git a/source4/smb_server/smb2/fileinfo.c b/source4/smb_server/smb2/fileinfo.c
index 942000133c..6c4b8f33d5 100644
--- a/source4/smb_server/smb2/fileinfo.c
+++ b/source4/smb_server/smb2/fileinfo.c
@@ -53,6 +53,11 @@ static void smb2srv_getinfo_send(struct ntvfs_request *ntvfs)
 SMB2SRV_CHECK(op->send_fn(op));
 }
+ if (op->info->in.output_buffer_length < op->info->out.blob.length) {
+ smb2srv_send_error(req, NT_STATUS_INFO_LENGTH_MISMATCH);
+ return;
+ }
+
 SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, true, op->info->out.blob.length));
 SMB2SRV_CHECK(smb2_push_o16s32_blob(&req->out, 0x02, op->info->out.blob));
-- cgit
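Review bot: The new length check in smb2srv_getinfo_send carries no comment saying that `in.output_buffer_length` is the client-supplied reply limit, or that the request is deliberately failed outright instead of being answered with truncated data. I would add above the `if`: `/* never return more than the client's requested buffer size; fail the request rather than truncate */`. Whether info levels with variable-length output should get a partial reply with a buffer-overflow status cannot be judged from this hunk, so the comment should record that the all-or-nothing behaviour is intended. The check also runs only after `op->send_fn(op)` has built the full blob, so it bounds what goes on the wire but not the work the backend does for an undersized request. The function body begins and ends outside the hunk.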