r24349: For large read&x we need more than 64k of outbuf.
authorVolker Lendecke <vlendec@samba.org>
Sun, 12 Aug 2007 12:15:32 +0000 (12:15 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:29:32 +0000 (12:29 -0500)
source/smbd/process.c

index adc3f638e01aa016c760d7e3e7de79e54ab50dd1..c59ee2c2003c772e730a815767d84ea17054cd25 100644 (file)
@@ -953,8 +953,19 @@ static const struct smb_message_struct {
  allocate and initialize a reply packet
 ********************************************************************/
 
-void reply_outbuf(struct smb_request *req, uint8 num_words, uint16 num_bytes)
+void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
 {
+       /*
+         * Protect against integer wrap
+         */
+       if ((num_bytes > 0xffffff)
+           || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
+               char *msg;
+               asprintf(&msg, "num_bytes too large: %u",
+                        (unsigned)num_bytes);
+               smb_panic(msg);
+       }
+
        if (!(req->outbuf = TALLOC_ARRAY(
                      req, uint8,
                      smb_size + num_words*2 + num_bytes))) {
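Review bot: The `asprintf` call in the new wrap guard ignores its return value, so if the allocation fails `msg` is left indeterminate and is then handed to `smb_panic`. Check the result and fall back to a literal, e.g. `if (asprintf(&msg, "num_bytes too large: %u", (unsigned)num_bytes) == -1) { smb_panic("num_bytes too large"); }`. The bound `0xffffff` appears twice without a name or explanation; a one-line comment such as `/* total packet must fit the 24-bit length field */` would help, if that is indeed the reason (to be confirmed). Because the guard ends in `smb_panic` rather than an error return, it is worth confirming that callers clamp any client-derived size before it reaches this function. The body of `reply_outbuf` continues past the end of the hunk.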