git.samba.org
/
metze
/
samba
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
6400f3e
)
Add check for invalid data size.
author
Jeremy Allison
<jra@samba.org>
Wed, 15 Sep 2010 17:50:50 +0000
(10:50 -0700)
committer
Jeremy Allison
<jra@samba.org>
Wed, 15 Sep 2010 17:50:50 +0000
(10:50 -0700)
Jeremy.
source3/smbd/nttrans.c
patch
|
blob
|
history
diff --git
a/source3/smbd/nttrans.c
b/source3/smbd/nttrans.c
index b602a5161119ea4e5f0571bfc2727009822562d0..9b3085c327d00108d5bbd389e4b3043fbc4f04a5 100644
(file)
--- a/
source3/smbd/nttrans.c
+++ b/
source3/smbd/nttrans.c
@@
-2237,7
+2237,7
@@
static void call_nt_transact_ioctl(connection_struct *conn,
*/
struct dom_sid sid;
uid_t uid;
- size_t sid_len
= MIN(data_count-4,SID_MAX_SIZE)
;
+ size_t sid_len;
DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
@@
-2245,6
+2245,13
@@
static void call_nt_transact_ioctl(connection_struct *conn,
return;
}
+ if (data_count < 8) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ sid_len = MIN(data_count-4,SID_MAX_SIZE);
+
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/