smb: check for full size message before reading message detailsbagder/smb-short-message

To avoid reading of uninitialized data. Assisted-by: Max Dymond Bug: https://crbug.com/oss-fuzz/16907
author: Daniel Stenberg <daniel@haxx.se> 2019-09-16 10:15:05 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2019-09-16 10:44:51 +0200
commit: 9f88f9b24a37b918166bf31569d7e69f9d23632b (patch)
tree: 1b87f9de617a0e2246c0a60c2880b9f4960caf6c
parent: a0f8fccb1e06910580bc3c4e1c55ef1bd962a677 (diff)
download: curl-bagder/smb-short-message.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/smb.c b/lib/smb.c
index f66c05ca4..12f99257f 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -682,7 +682,8 @@ static CURLcode smb_connection_state(struct connectdata *conn, bool *done)
 
   switch(smbc->state) {
   case SMB_NEGOTIATE:
-    if(h->status || smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) {
+    if((smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) ||
+       h->status) {
       connclose(conn, "SMB: negotiation failed");
       return CURLE_COULDNT_CONNECT;
     }
author	Daniel Stenberg <daniel@haxx.se>	2019-09-16 10:15:05 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2019-09-16 10:44:51 +0200
commit	9f88f9b24a37b918166bf31569d7e69f9d23632b (patch)
tree	1b87f9de617a0e2246c0a60c2880b9f4960caf6c
parent	a0f8fccb1e06910580bc3c4e1c55ef1bd962a677 (diff)
download	curl-bagder/smb-short-message.tar.gz