svn commit: samba r23007 - in branches: SAMBA_3_0/source/smbd
SAMBA_3_0_26/source/smbd
jra at samba.org
jra at samba.org
Sat May 19 01:27:36 GMT 2007
Author: jra
Date: 2007-05-19 01:27:34 +0000 (Sat, 19 May 2007)
New Revision: 23007
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23007
Log:
Ensure we don't allow large read over the possible
packet size.
Jeremy.
Modified:
branches/SAMBA_3_0/source/smbd/reply.c
branches/SAMBA_3_0_26/source/smbd/reply.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/reply.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/reply.c 2007-05-18 23:56:34 UTC (rev 23006)
+++ branches/SAMBA_3_0/source/smbd/reply.c 2007-05-19 01:27:34 UTC (rev 23007)
@@ -2718,6 +2718,10 @@
if (srv_is_signing_active() || srv_encryption_on()) {
return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
+ /* Is there room in the reply for this data ? */
+ if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
big_readX = True;
}
}
Modified: branches/SAMBA_3_0_26/source/smbd/reply.c
===================================================================
--- branches/SAMBA_3_0_26/source/smbd/reply.c 2007-05-18 23:56:34 UTC (rev 23006)
+++ branches/SAMBA_3_0_26/source/smbd/reply.c 2007-05-19 01:27:34 UTC (rev 23007)
@@ -2716,6 +2716,10 @@
if (srv_is_signing_active()) {
return ERROR_NT(NT_STATUS_NOT_SUPPORTED);
}
+ /* Is there room in the reply for this data ? */
+ if (smb_maxcnt > (0xFFFFFF - (smb_size -4 + 12*2))) {
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
big_readX = True;
}
}
More information about the samba-cvs
mailing list