Author: jra
Date: 2007-08-16 23:53:51 +0000 (Thu, 16 Aug 2007)
New Revision: 24500

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24500

Log:
Add check that bcc is correct in an incoming packet.
Jeremy.

Modified:
   branches/SAMBA_3_2/source/smbd/process.c


Changeset:
Modified: branches/SAMBA_3_2/source/smbd/process.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/process.c    2007-08-16 22:50:57 UTC (rev 
24499)
+++ branches/SAMBA_3_2/source/smbd/process.c    2007-08-16 23:53:51 UTC (rev 
24500)
@@ -70,13 +70,22 @@
        req->vuid   = SVAL(inbuf, smb_uid);
        req->tid    = SVAL(inbuf, smb_tid);
        req->wct    = CVAL(inbuf, smb_wct);
-       /* Ensure we have at least wct words. */
+       /* Ensure we have at least wct words and 2 bytes of bcc. */
        if (smb_size + req->wct*2 > req_size) {
                DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
                        (unsigned int)req->wct,
                        (unsigned int)req_size));
                exit_server_cleanly("Invalid SMB request");
        }
+       /* Ensure bcc is correct. */
+       if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
+               DEBUG(0,("init_smb_request: invalid bcc number %u "
+                       "(wct = %u, size %u)\n",
+                       (unsigned int)smb_buflen(inbuf),
+                       (unsigned int)req->wct,
+                       (unsigned int)req_size));
+               exit_server_cleanly("Invalid SMB request");
+       }
        req->inbuf  = inbuf;
        req->outbuf = NULL;
 }
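Review bot: The new bcc check, `if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size)`, does its bounds test in pointer space. When a client sends a bcc larger than the bytes remaining in the packet, the left-hand side forms a pointer beyond the end of inbuf before the comparison, which C leaves undefined. Comparing lengths instead avoids this and matches the wct check just above: `if (smb_size + req->wct*2 + smb_buflen(inbuf) > req_size)`. That rewrite assumes smb_buf() resolves to inbuf + smb_size + wct*2, as the first check suggests; the macro is defined outside this hunk, so confirm before changing it. The test is only an upper bound, so the comment would be more accurate as `/* Ensure bcc does not extend past the end of the packet. */`. init_smb_request begins above the hunk.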
