libsmb: Protect cli_RNetServerEnum against rprcnt<6

author Volker Lendecke <vl@samba.org>

Sat, 2 May 2020 13:10:14 +0000 (15:10 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 14 May 2020 14:28:15 +0000 (14:28 +0000)
author Volker Lendecke <vl@samba.org>
Sat, 2 May 2020 13:10:14 +0000 (15:10 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 14 May 2020 14:28:15 +0000 (14:28 +0000)
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c

index 9b7f54c503b1edb2a0bb968a6382c963a9ecd0c7..16c1a502380145756fa9562c26f27906d1eb192c 100644 (file)
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -372,6 +372,13 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype,
                 }
  
                 rdata_end = rdata + rdrcnt;
+
+               if (rprcnt < 6) {
+                       DBG_ERR("Got invalid result: rprcnt=%u\n", rprcnt);
+                       res = -1;
+                       break;
+               }
+
                 res = rparam ? SVAL(rparam,0) : -1;
  
                 if (res == 0 || res == ERRmoredata ||
author	Volker Lendecke <vl@samba.org>
	Sat, 2 May 2020 13:10:14 +0000 (15:10 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 14 May 2020 14:28:15 +0000 (14:28 +0000)