also check for an upper one (integer wrap).
Jeremy.
auth_len = p->hdr.auth_len;
auth_len = p->hdr.auth_len;
- if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ||
+ auth_len < RPC_HEADER_LEN +
+ RPC_HDR_REQ_LEN +
+ RPC_HDR_AUTH_LEN +
+ auth_len) {
DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len ));
return False;
}
DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len ));
return False;
}