smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo

author Volker Lendecke <vl@samba.org>

Tue, 27 Aug 2013 09:36:03 +0000 (09:36 +0000)

committer Karolin Seeger <kseeger@samba.org>

Fri, 6 Sep 2013 08:49:50 +0000 (10:49 +0200)
author Volker Lendecke <vl@samba.org>
Tue, 27 Aug 2013 09:36:03 +0000 (09:36 +0000)
committer Karolin Seeger <kseeger@samba.org>
Fri, 6 Sep 2013 08:49:50 +0000 (10:49 +0200)
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c

index 91595d53cb8a0d0ec9ef1a3fad0dcaeff0b182d8..714a6bdf08bde282572668e2f992d5ffa0a26e64 100644 (file)
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -383,6 +383,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
                         tevent_req_nterror(req, status);
                         return tevent_req_post(req, ev);
                 }
+               if (in_output_buffer_length < fixed_portion) {
+                       SAFE_FREE(data);
+                       tevent_req_nterror(
+                               req, NT_STATUS_INFO_LENGTH_MISMATCH);
+                       return tevent_req_post(req, ev);
+               }
                 if (data_size > 0) {
                         state->out_output_buffer = data_blob_talloc(state,
                                                                     data,
@@ -425,6 +431,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
                         tevent_req_nterror(req, status);
                         return tevent_req_post(req, ev);
                 }
+               if (in_output_buffer_length < fixed_portion) {
+                       SAFE_FREE(data);
+                       tevent_req_nterror(
+                               req, NT_STATUS_INFO_LENGTH_MISMATCH);
+                       return tevent_req_post(req, ev);
+               }
                 if (data_size > 0) {
                         state->out_output_buffer = data_blob_talloc(state,
                                                                     data,
author	Volker Lendecke <vl@samba.org>
	Tue, 27 Aug 2013 09:36:03 +0000 (09:36 +0000)
committer	Karolin Seeger <kseeger@samba.org>
	Fri, 6 Sep 2013 08:49:50 +0000 (10:49 +0200)