svn commit: samba r24500 - in branches/SAMBA_3_2/source/smbd: .
jra at samba.org
jra at samba.org
Thu Aug 16 23:53:52 GMT 2007
Author: jra
Date: 2007-08-16 23:53:51 +0000 (Thu, 16 Aug 2007)
New Revision: 24500
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24500
Log:
Add check that bcc is correct in an incoming packet.
Jeremy.
Modified:
branches/SAMBA_3_2/source/smbd/process.c
Changeset:
Modified: branches/SAMBA_3_2/source/smbd/process.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/process.c 2007-08-16 22:50:57 UTC (rev 24499)
+++ branches/SAMBA_3_2/source/smbd/process.c 2007-08-16 23:53:51 UTC (rev 24500)
@@ -70,13 +70,22 @@
req->vuid = SVAL(inbuf, smb_uid);
req->tid = SVAL(inbuf, smb_tid);
req->wct = CVAL(inbuf, smb_wct);
- /* Ensure we have at least wct words. */
+ /* Ensure we have at least wct words and 2 bytes of bcc. */
if (smb_size + req->wct*2 > req_size) {
DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
(unsigned int)req->wct,
(unsigned int)req_size));
exit_server_cleanly("Invalid SMB request");
}
+ /* Ensure bcc is correct. */
+ if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
+ DEBUG(0,("init_smb_request: invalid bcc number %u "
+ "(wct = %u, size %u)\n",
+ (unsigned int)smb_buflen(inbuf),
+ (unsigned int)req->wct,
+ (unsigned int)req_size));
+ exit_server_cleanly("Invalid SMB request");
+ }
req->inbuf = inbuf;
req->outbuf = NULL;
}
More information about the samba-cvs
mailing list