diff options
author | Volker Lendecke <vl@samba.org> | 2013-08-27 09:36:03 +0000 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2013-09-18 10:41:22 +0200 |
commit | 926383e5c4a4ca79561b0204d6bd7102146a83d3 (patch) | |
tree | 250a9221a2adb830b8ed9f04198167d924a35a5e | |
parent | 827d2ed098f523392c5da78221699f53f0b66407 (diff) | |
download | samba-926383e5c4a4ca79561b0204d6bd7102146a83d3.tar.gz |
smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
We have to return this error if the client offered less than the fixed
portion of the infolevel data requires
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 91939614760837b2ac2c6bb8b5daac108a4f4670)
(cherry picked from commit 9818b31167531f41cbf08fccf89d60ca128c3d4d)
-rw-r--r-- | source3/smbd/smb2_getinfo.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index 91595d53cb8..714a6bdf08b 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -383,6 +383,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, tevent_req_nterror(req, status); return tevent_req_post(req, ev); } + if (in_output_buffer_length < fixed_portion) { + SAFE_FREE(data); + tevent_req_nterror( + req, NT_STATUS_INFO_LENGTH_MISMATCH); + return tevent_req_post(req, ev); + } if (data_size > 0) { state->out_output_buffer = data_blob_talloc(state, data, @@ -425,6 +431,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, tevent_req_nterror(req, status); return tevent_req_post(req, ev); } + if (in_output_buffer_length < fixed_portion) { + SAFE_FREE(data); + tevent_req_nterror( + req, NT_STATUS_INFO_LENGTH_MISMATCH); + return tevent_req_post(req, ev); + } if (data_size > 0) { state->out_output_buffer = data_blob_talloc(state, data, |