sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code

Now we're allowing a lower bound for auth_len, ensure we

Browse Source 
also check for an upper one (integer wrap).
Jeremy.
This commit is contained in:
Jeremy Allison 2009-03-05 21:06:48 -08:00
parent 66c0f3690a
commit 4e74d811aa
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source3/rpc_server/srv_pipe.c
View File

@ -2113,7 +2113,11 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
auth_len = p->hdr.auth_len;
if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ||
auth_len < RPC_HEADER_LEN +
RPC_HDR_REQ_LEN +
RPC_HDR_AUTH_LEN +
auth_len) {
DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len ));
return False;
}