sid->sid_rev_num = CVAL(inbuf, 0);
sid->num_auths = CVAL(inbuf, 1);
+ if (sid->num_auths > MAXSUBAUTHS) {
+ return false;
+ }
memcpy(sid->id_auth, inbuf+2, 6);
if (len < 8 + sid->num_auths*4)
return False;
for (i=0; values[i]; i++) {
DOM_SID sid;
fstring tmp;
- sid_parse(values[i]->bv_val, values[i]->bv_len, &sid);
+ if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) {
+ continue;
+ }
printf("%s: %s\n", field, sid_to_fstring(tmp, &sid));
}
}
}
#endif /* LARGE_SMB_OFF_T */
- sid_parse(rdata+40,sid_len,&qt.sid);
+ if (!sid_parse(rdata+40,sid_len,&qt.sid)) {
+ return false;
+ }
qt.qtype = SMB_USER_QUOTA_TYPE;
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
- sid_parse(pdata+4,sid_len,&sid);
+ if (!sid_parse(pdata+4,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
if (!sid_to_uid(&sid, &uid)) {
break;
}
- sid_parse(pdata+8,sid_len,&sid);
+ if (!sid_parse(pdata+8,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
ZERO_STRUCT(qt);
}
#endif /* LARGE_SMB_OFF_T */
- sid_parse(pdata+40,sid_len,&sid);
+ if (!sid_parse(pdata+40,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
/* 44 unknown bytes left... */