From 627de92521cb20c5387656946bcbf5ecf3be5332 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 15 Sep 2010 10:50:50 -0700
Subject: [PATCH] Add check for invalid data size.

Jeremy.
---
 source3/smbd/nttrans.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index b602a5161119..9b3085c327d0 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2237,7 +2237,7 @@ static void call_nt_transact_ioctl(connection_struct *conn,
 		 */
 		struct dom_sid sid;
 		uid_t uid;
-		size_t sid_len = MIN(data_count-4,SID_MAX_SIZE);
+		size_t sid_len;
 
 		DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum));
 
@@ -2245,6 +2245,13 @@ static void call_nt_transact_ioctl(connection_struct *conn,
 			return;
 		}
 
+		if (data_count < 8) {
+			reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+			return;
+		}
+
+		sid_len = MIN(data_count-4,SID_MAX_SIZE);
+
 		/* unknown 4 bytes: this is not the length of the sid :-(  */
 		/*unknown = IVAL(pdata,0);*/
 
-- 
2.34.1