summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2020-01-17 21:49:48 (GMT)
committerJeremy Allison <jra@samba.org>2020-01-21 23:33:41 (GMT)
commitad236bb7590e423b4c69fe6028f2f3495977f48b (patch)
treea14a5905967bfc9904c9aeb70b0bc5e2a022da4e
parenta39c4d9bed2468495e0efc13620fea5a1fb650f8 (diff)
downloadsamba-master.tar.gz
s3: lib: nmblib. Clean up and harden nmb packet processing.HEADmaster
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157 Credit to oss-fuzz. No security implications. Signed-off-by: Jeremy Allison <jra@samba.org> Pair programmed with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184
-rw-r--r--source3/libsmb/nmblib.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index b6dca80..84cbb05 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -192,10 +192,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
m = ubuf[offset];
- if (!m)
- return(0);
- if ((m & 0xC0) || offset+m+2 > length)
- return(0);
+ /* m must be 32 to exactly fill in the 16 bytes of the netbios name */
+ if (m != 32) {
+ return 0;
+ }
+ /* Cannot go past length. */
+ if (offset+m+2 > length) {
+ return 0;
+ }
memset((char *)name,'\0',sizeof(*name));