diff options
| author | Volker Lendecke <vl@samba.org> | 2013-08-27 09:37:34 +0000 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2013-09-06 10:48:38 +0200 |
| commit | 0e91fd6f6f80f25901771dc2c008a0293019bc2d (patch) | |
| tree | 5f2120c8cb68c6d1f09c18f40e4e162491d4b80b /source3/smbd | |
| parent | 9444c6fce8dd99543957fd22d7274a69fc2b200f (diff) | |
| download | samba-0e91fd6f6f80f25901771dc2c008a0293019bc2d.tar.gz | |
smbd: Correctly return BUFFER_OVERFLOW in smb2_getinfo
Also, don't overflow the client buffer
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 40f60024ca19e33cbbe9825b42692f386a8f1dd9)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/smb2_getinfo.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index c6a143331b..4111aa1dc0 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -406,6 +406,11 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, if (tevent_req_nomem(state->out_output_buffer.data, req)) { return tevent_req_post(req, ev); } + if (data_size > in_output_buffer_length) { + state->out_output_buffer.length = + in_output_buffer_length; + status = STATUS_BUFFER_OVERFLOW; + } } SAFE_FREE(data); break; @@ -454,6 +459,11 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, if (tevent_req_nomem(state->out_output_buffer.data, req)) { return tevent_req_post(req, ev); } + if (data_size > in_output_buffer_length) { + state->out_output_buffer.length = + in_output_buffer_length; + status = STATUS_BUFFER_OVERFLOW; + } } SAFE_FREE(data); break; |