The branch, master has been updated
       via  db8cfda s3-smbd: prevent call_nt_transact_ioctl() crash in FSCTL_FIND_FILES_BY_SID case.
      from  fe59119 s4-smbtorture: try FSCTL_FIND_FILES_BY_SID with random blob data in RAW-IOCTL.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit db8cfda320d0e2453d01cdae884fd8aa108bcda7 Author: Günther Deschner <g...@samba.org> Date: Thu Sep 16 00:19:51 2010 +0200 s3-smbd: prevent call_nt_transact_ioctl() crash in FSCTL_FIND_FILES_BY_SID case. Jeremy, please check. Guenther ----------------------------------------------------------------------- Summary of changes: source3/smbd/nttrans.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 9b3085c..beb5b50 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2255,7 +2255,10 @@ static void call_nt_transact_ioctl(connection_struct *conn, /* unknown 4 bytes: this is not the length of the sid :-( */ /*unknown = IVAL(pdata,0);*/ - sid_parse(pdata+4,sid_len,&sid); + if (!sid_parse(pdata+4,sid_len,&sid)) { + reply_nterror(req, NT_STATUS_INVALID_PARAMETER); + return; + } DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid))); if (!sid_to_uid(&sid, &uid)) { -- Samba Shared Repository
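Review bot: the new check on `sid_parse(pdata+4,sid_len,&sid)` covers a blob that fails to parse, but nothing in the visible context of this nttrans.c hunk shows where `sid_len` comes from or that the request data holds at least 4 bytes before `pdata+4` is read. Please confirm that a length check precedes this call outside the hunk. If there is none, reject short buffers with the same `NT_STATUS_INVALID_PARAMETER` before calling `sid_parse()`. The surrounding comment says the leading 4 bytes are not the SID length, so `sid_len` must come from the transport-level data count, and that should be bounded explicitly. The new error path also returns without logging. A low-level DEBUG line ahead of `reply_nterror()` would make malformed FSCTL_FIND_FILES_BY_SID requests visible when triaging, since the existing `DEBUGADD(10, ...)` for the SID is only reached on success.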