git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
685250e
)
smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
author
Stefan Metzmacher
<metze@samba.org>
Wed, 15 Sep 2021 15:22:39 +0000
(17:22 +0200)
committer
Jule Anger
<janger@samba.org>
Mon, 6 Dec 2021 10:42:10 +0000
(10:42 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
1cd948d8520fd41a4e2f0cc6ee787c1e20211e33
)
source3/smbd/smb2_server.c
patch
|
blob
|
history
diff --git
a/source3/smbd/smb2_server.c
b/source3/smbd/smb2_server.c
index f6b376e5a07adf1be829a4eebd4f8f5690d48b4a..c30c701953004ea9d3b52b3b3d93ad59a200ecbb 100644
(file)
--- a/
source3/smbd/smb2_server.c
+++ b/
source3/smbd/smb2_server.c
@@
-3193,7
+3193,7
@@
NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
const uint8_t *body = SMBD_SMB2_IN_BODY_PTR(req);
size_t body_size = SMBD_SMB2_IN_BODY_LEN(req);
uint32_t in_ctl_code;
- size_t needed =
4
;
+ size_t needed =
8
;
if (needed > body_size) {
return smbd_smb2_request_error(req,