smbd: Correctly return INFO_LENGTH_MISMATCH for smb1

This is required if the client offered less buffer than the fixed portion
of the info level data requires

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 576e289b861cd37568c9519056b83e29828e5184..aaf0e6228968aea5c1287f130bee2cce1d5010c3 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5611,6 +5611,10 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
                reply_nterror(req, status);
                return;
        }
+       if (fixed_portion > max_data_bytes) {
+               reply_nterror(req, NT_STATUS_INFO_LENGTH_MISMATCH);
+               return;
+       }
 
        send_trans2_replies(conn, req, NT_STATUS_OK, params, param_size, *ppdata, data_size,
                            max_data_bytes);