git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 685250e)
smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
authorStefan Metzmacher <metze@samba.org>
Wed, 15 Sep 2021 15:22:39 +0000 (17:22 +0200)
committerJule Anger <janger@samba.org>
Mon, 6 Dec 2021 10:42:10 +0000 (10:42 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1cd948d8520fd41a4e2f0cc6ee787c1e20211e33)

source3/smbd/smb2_server.c patch | blob | history

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f6b376e5a07adf1be829a4eebd4f8f5690d48b4a..c30c701953004ea9d3b52b3b3d93ad59a200ecbb 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3193,7 +3193,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
                const uint8_t *body = SMBD_SMB2_IN_BODY_PTR(req);
                size_t body_size = SMBD_SMB2_IN_BODY_LEN(req);
                uint32_t in_ctl_code;
-               size_t needed = 4;
+               size_t needed = 8;
 
                if (needed > body_size) {
                        return smbd_smb2_request_error(req,
Samba Shared Repository