git.samba.org
/
metze
/
samba
/
wip.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fix bug #7669.
[metze/samba/wip.git]
/
source3
/
smbd
/
nttrans.c
diff --git
a/source3/smbd/nttrans.c
b/source3/smbd/nttrans.c
index 2af9a79a50d3a3b9d44968fb5b628b763978426d..fcb2f8d2bd57ce8e587b415803967ad15896cbad 100644
(file)
--- a/
source3/smbd/nttrans.c
+++ b/
source3/smbd/nttrans.c
@@
-2079,7
+2079,11
@@
static void call_nt_transact_ioctl(connection_struct *conn,
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
- sid_parse(pdata+4,sid_len,&sid);
+ if (!sid_parse(pdata+4,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
if (!sid_to_uid(&sid, &uid)) {
DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
if (!sid_to_uid(&sid, &uid)) {
@@
-2335,7
+2339,10
@@
static void call_nt_transact_get_user_quota(connection_struct *conn,
break;
}
break;
}
- sid_parse(pdata+8,sid_len,&sid);
+ if (!sid_parse(pdata+8,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
ZERO_STRUCT(qt);
if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
ZERO_STRUCT(qt);
@@
-2516,7
+2523,11
@@
static void call_nt_transact_set_user_quota(connection_struct *conn,
}
#endif /* LARGE_SMB_OFF_T */
}
#endif /* LARGE_SMB_OFF_T */
- sid_parse(pdata+40,sid_len,&sid);
+ if (!sid_parse(pdata+40,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
/* 44 unknown bytes left... */
DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
/* 44 unknown bytes left... */