mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s3: lib: nmblib. Clean up and harden nmb packet processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157 Credit to oss-fuzz. No security implications. Signed-off-by: Jeremy Allison <jra@samba.org> Pair programmed with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184
This commit is contained in:
parent
a39c4d9bed
commit
ad236bb759
@ -192,10 +192,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
|
||||
|
||||
m = ubuf[offset];
|
||||
|
||||
if (!m)
|
||||
return(0);
|
||||
if ((m & 0xC0) || offset+m+2 > length)
|
||||
return(0);
|
||||
/* m must be 32 to exactly fill in the 16 bytes of the netbios name */
|
||||
if (m != 32) {
|
||||
return 0;
|
||||
}
|
||||
/* Cannot go past length. */
|
||||
if (offset+m+2 > length) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
memset((char *)name,'\0',sizeof(*name));
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user