Add check for invalid data size.
authorJeremy Allison <jra@samba.org>
Wed, 15 Sep 2010 17:50:50 +0000 (10:50 -0700)
committerJeremy Allison <jra@samba.org>
Wed, 15 Sep 2010 17:50:50 +0000 (10:50 -0700)
Jeremy.

source3/smbd/nttrans.c

index b602a5161119ea4e5f0571bfc2727009822562d0..9b3085c327d00108d5bbd389e4b3043fbc4f04a5 100644 (file)
@@ -2237,7 +2237,7 @@ static void call_nt_transact_ioctl(connection_struct *conn,
                 */
                struct dom_sid sid;
                uid_t uid;
-               size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
+               size_t sid_len;
 
                DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
 
@@ -2245,6 +2245,13 @@ static void call_nt_transact_ioctl(connection_struct *conn,
                        return;
                }
 
+               if (data_count < 8) {
+                       reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                       return;
+               }
+
+               sid_len = MIN(data_count-4,SID_MAX_SIZE);
+
                /* unknown 4 bytes: this is not the length of the sid :-(  */
                /*unknown = IVAL(pdata,0);*/
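Review bot: The bound in the added `if (data_count < 8)` guard is a bare literal with no stated rationale, and it still admits `data_count` values of 8 to 11, for which `sid_len` comes out as only 4 to 7 bytes. The guard does keep `data_count-4` from wrapping when fewer than 4 bytes arrive. Whether a 4 to 7 byte SID buffer is safe depends on the code that consumes `pdata+4` with `sid_len`, which is outside this hunk; if that parser needs a complete SID header, the minimum should be enforced here rather than left to the callee. I would add a comment such as `/* 4 unknown bytes + minimum SID data; also keeps data_count-4 from wrapping */` and give the minimum a named constant. `call_nt_transact_ioctl` starts and ends outside the hunk.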