git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 054e7de)
libsmb: Protect cli_oem_change_password() from rprcnt<2
authorVolker Lendecke <vl@samba.org>
Sat, 2 May 2020 13:18:07 +0000 (15:18 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 14 May 2020 07:25:46 +0000 (07:25 +0000)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May  5 17:12:04 UTC 2020 on sn-devel-184

(cherry picked from commit f80c97cb8da64f3cd9904e2e1fd43c29b691166d)

source3/libsmb/clirap.c patch | blob | history

diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index b3e82440c105f42d096b7e48a781e8aa0d71a7d8..1be331afda69a91258f794ee8b9aa7bf72a0ec61 100644 (file)
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -603,10 +603,16 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char
                return False;
        }
 
+       if (rdrcnt < 2) {
+               cli->rap_error = ERRbadformat;
+               goto done;
+       }
+
        if (rparam) {
                cli->rap_error = SVAL(rparam,0);
        }
 
+done:
        SAFE_FREE(rparam);
        SAFE_FREE(rdata);
 
Samba Shared Repository