sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-05 12:23:50 +03:00
Code Activity

libsmb: Check to see that whoami is not receiving more data than it requested

Browse Source 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2021-05-03 16:22:43 +12:00
committed by Jeremy Allison
parent 9d8aeed33d
commit 9e414233c8
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source3/libsmb/clifsinfo.c
View File

@@ -570,6 +570,8 @@ struct posix_whoami_state {
static void cli_posix_whoami_done(struct tevent_req *subreq);
static const uint32_t posix_whoami_max_rdata = 62*1024;
struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct cli_state *cli)
@@ -586,7 +588,7 @@ struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx,
SSVAL(state->setup, 0, TRANSACT2_QFSINFO);
SSVAL(state->param, 0, SMB_QUERY_POSIX_WHOAMI);
state->max_rdata = 62*1024;
state->max_rdata = posix_whoami_max_rdata;
subreq = cli_trans_send(state, /* mem ctx. */
ev, /* event ctx. */
@@ -650,7 +652,7 @@ static void cli_posix_whoami_done(struct tevent_req *subreq)
* parsing network packets in C.
*/
if (num_rdata < 40) {
if (num_rdata < 40 || num_rdata > posix_whoami_max_rdata) {
tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
}