git.samba.org / kseeger / samba-autobuild-v4-13-test / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8dc3d1e)
libsmb: Protect cli_RNetServerEnum against rprcnt<6
authorVolker Lendecke <vl@samba.org>
Sat, 2 May 2020 13:10:14 +0000 (15:10 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 14 May 2020 07:25:46 +0000 (07:25 +0000)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ce8b70df7bd63e96723b8e8dc864f1690f5fad7b)

source3/libsmb/clirap.c patch | blob | history

diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 5e8b7bcecd133e1b5adb19cda625d3f850247039..b3e82440c105f42d096b7e48a781e8aa0d71a7d8 100644 (file)
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -373,6 +373,13 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype,
                }
 
                rdata_end = rdata + rdrcnt;
+
+               if (rprcnt < 6) {
+                       DBG_ERR("Got invalid result: rprcnt=%u\n", rprcnt);
+                       res = -1;
+                       break;
+               }
+
                res = rparam ? SVAL(rparam,0) : -1;
 
                if (res == 0 || res == ERRmoredata ||
Unnamed repository; edit this file 'description' to name the repository.