[SCM] Samba Shared Repository - branch v3-6-test updated

Jeremy Allison jra at samba.org
Wed Sep 15 11:52:24 MDT 2010


The branch, v3-6-test has been updated
       via  1cfef70 Add check for invalid data size.
       via  abdb519 Merge branch 'v3-6-test' of ssh://git.samba.org/data/git/samba into v3-6-test
       via  f892045 ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings.
      from  4e3bcaf s3: Fix some debug msgs in ntlm_auth

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 1cfef7083cbeab838b1ea91aa5e0880ed24afe4c
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 15 10:50:50 2010 -0700

    Add check for invalid data size.
    
    Jeremy.
    (cherry picked from commit 627de92521cb20c5387656946bcbf5ecf3be5332)

commit abdb519c788d1c22fc9065f3a0dcd2c48f47b063
Merge: f892045fe06bac1079fe542fe426a42d8a2f17ac 4e3bcaf0074c021da0b2be424aec6f2de55900e5
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 15 10:51:39 2010 -0700

    Merge branch 'v3-6-test' of ssh://git.samba.org/data/git/samba into v3-6-test

commit f892045fe06bac1079fe542fe426a42d8a2f17ac
Author: Günther Deschner <gd at samba.org>
Date:   Tue Sep 14 17:57:23 2010 +0200

    ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings.
    
    Guenther
    (cherry picked from commit 33da33c59e431f6f097bdd143fb48db465607669)

-----------------------------------------------------------------------

Summary of changes:
 librpc/idl/ntlmssp.idl |    4 ++--
 source3/smbd/nttrans.c |    9 ++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/ntlmssp.idl b/librpc/idl/ntlmssp.idl
index e26dc31..b9be7da 100644
--- a/librpc/idl/ntlmssp.idl
+++ b/librpc/idl/ntlmssp.idl
@@ -105,10 +105,10 @@ interface ntlmssp
 		[charset(DOS),value("NTLMSSP")] uint8 Signature[8];
 		[value(NtLmNegotiate)] ntlmssp_MessageType MessageType;
 		NEGOTIATE NegotiateFlags;
-		[value(strlen(DomainName))] uint16 DomainNameLen;
+		[value(DomainName ? strlen(DomainName) : 0)] uint16 DomainNameLen;
 		[value(DomainNameLen)] uint16 DomainNameMaxLen;
 		[relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *DomainName;
-		[value(strlen(Workstation))] uint16 WorkstationLen;
+		[value(Workstation ? strlen(Workstation) : 0)] uint16 WorkstationLen;
 		[value(WorkstationLen)] uint16 WorkstationMaxLen;
 		[relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *Workstation;
 		[switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
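Review bot: On the two changed `[value(...)]` lines the length is still taken with `strlen()` on the in-memory string, while the string itself is pushed under `ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM)`. If the OEM conversion changes the byte count (non-ASCII names), `DomainNameLen`/`WorkstationLen` and the `subcontext_size` derived from them would not match the encoded bytes; this looks pre-existing rather than introduced here, so it is worth confirming. The result is also narrowed from `size_t` to `uint16` with no bound, so names are assumed to stay below 64 KiB. The NULL handling itself deserves a short comment above the first changed line, e.g. `/* a NULL DomainName/Workstation is encoded with length 0 */`, so the ternaries are not later simplified back to a bare `strlen()`.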
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index ac5cc2f..a0ea0d6 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2236,7 +2236,7 @@ static void call_nt_transact_ioctl(connection_struct *conn,
 		 */
 		struct dom_sid sid;
 		uid_t uid;
-		size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
+		size_t sid_len;
 
 		DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
 
@@ -2244,6 +2244,13 @@ static void call_nt_transact_ioctl(connection_struct *conn,
 			return;
 		}
 
+		if (data_count < 8) {
+			reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+			return;
+		}
+
+		sid_len = MIN(data_count-4,SID_MAX_SIZE);
+
 		/* unknown 4 bytes: this is not the length of the sid :-(  */
 		/*unknown = IVAL(pdata,0);*/
 
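Review bot: The new guard `if (data_count < 8)` uses a bare constant whose meaning is not stated: 4 of the bytes are the unknown prefix named in the comment below, but the other 4 are unexplained, and `sid_len` can still be as small as 4 after `MIN(data_count-4,SID_MAX_SIZE)`. The check does keep `data_count-4` from wrapping on short requests (assuming `data_count` is unsigned; its declaration is outside the hunk), which is worth recording in a comment such as `/* 4 unknown bytes + SID data; also keeps data_count-4 from wrapping */`. If the code that consumes `sid_len` further down needs a complete SID header, the minimum should probably be 4 plus that header size, written as a named constant rather than `8`; that consumer is not visible here, so confirm against it. The body of `call_nt_transact_ioctl` continues outside the hunk.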


-- 
Samba Shared Repository

