[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Sep 27 14:08:02 MDT 2012


The branch, master has been updated
       via  322e3d4 Fix bug #9209 - Parse of invalid SMB2 create blob can cause smbd crash.
      from  b7822a5 samba4-tests: Move 'samba.tests.source' up.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 322e3d42f65dadabeccf8813fcb0e9b7d353ffb2
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 26 16:58:58 2012 -0700

    Fix bug #9209 - Parse of invalid SMB2 create blob can cause smbd crash.
    
    Ensure we correctly protect against blobs with data_offset==0
    and data_length != 0.
    
    Jeremy.
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Sep 27 22:07:02 CEST 2012 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smb2_create_blob.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_create_blob.c b/libcli/smb/smb2_create_blob.c
index 189bcd1..92387db 100644
--- a/libcli/smb/smb2_create_blob.c
+++ b/libcli/smb/smb2_create_blob.c
@@ -66,9 +66,8 @@ NTSTATUS smb2_create_blob_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer,
 		    name_offset + name_length > remaining ||
 		    (data_offset & 0x7) != 0 ||
 		    (data_offset && (data_offset < name_offset + name_length)) ||
-		    (data_offset && (data_offset > remaining)) ||
-		    (data_offset && data_length &&
-				(data_offset + (uint64_t)data_length > remaining))) {
+		    (data_offset > remaining) ||
+		    (data_offset + (uint64_t)data_length > remaining)) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 
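Review bot: In the new final condition, (data_offset + (uint64_t)data_length > remaining), a blob with data_offset == 0 and a nonzero data_length that does not exceed remaining still passes. The overlap test two lines above stays guarded by "data_offset &&", so it does not reject that blob either. If the case named in the commit message (data_offset==0 and data_length != 0) is meant to be refused outright, add an explicit (data_offset == 0 && data_length != 0) term. If an in-range length at offset 0 is handled safely by the code that follows, a short comment here saying so would help, since that code is outside this hunk. Minor: (data_offset > remaining) is now implied by the sum check whenever the 64-bit addition cannot wrap, so it could be dropped or kept with a one-line comment explaining why it stays.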


-- 
Samba Shared Repository

