1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

More paranioa fixes against nmbd lengths.

Jeremy.
(This used to be commit 53f35a71c6)
This commit is contained in:
Jeremy Allison 2001-04-25 01:07:33 +00:00
parent a7e07d149d
commit 30c02f9871

View File

@ -1265,21 +1265,21 @@ an error packet of type %x\n",
len = SVAL(buf,smb_vwv11); len = SVAL(buf,smb_vwv11);
buf2 = smb_base(buf) + SVAL(buf,smb_vwv12); buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
if (len <= 0)
return;
if (buf2 + len > buf + sizeof(dgram->data)) {
DEBUG(2,("process_dgram: datagram from %s to %s IP %s for %s %d len=%d too long.\n",
nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
inet_ntoa(p->ip), smb_buf(buf),len));
len = (buf + sizeof(dgram->data)) - buf;
}
DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n", DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n",
nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name), nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len)); inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
if (len <= 0)
return;
if (buf2 + len > buf + sizeof(dgram->data)) {
DEBUG(2,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d too long.\n",
nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
len = (buf + sizeof(dgram->data)) - buf;
}
/* Datagram packet received for the browser mailslot */ /* Datagram packet received for the browser mailslot */
if (strequal(smb_buf(buf),BROWSE_MAILSLOT)) if (strequal(smb_buf(buf),BROWSE_MAILSLOT))
{ {