The branch, master has been updated
via db8cfda s3-smbd: prevent call_nt_transact_ioctl() crash in
FSCTL_FIND_FILES_BY_SID case.
from fe59119 s4-smbtorture: try FSCTL_FIND_FILES_BY_SID with random blob
data in RAW-IOCTL.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit db8cfda320d0e2453d01cdae884fd8aa108bcda7
Author: Günther Deschner <g...@samba.org>
Date: Thu Sep 16 00:19:51 2010 +0200
s3-smbd: prevent call_nt_transact_ioctl() crash in FSCTL_FIND_FILES_BY_SID
case.
Jeremy, please check.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/nttrans.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 9b3085c..beb5b50 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2255,7 +2255,10 @@ static void call_nt_transact_ioctl(connection_struct
*conn,
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
- sid_parse(pdata+4,sid_len,&sid);
+ if (!sid_parse(pdata+4,sid_len,&sid)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
if (!sid_to_uid(&sid, &uid)) {
--
Samba Shared Repository
