diff options
author | Volker Lendecke <vl@samba.org> | 2013-08-27 09:36:03 +0000 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2013-09-06 10:49:50 +0200 |
commit | 9818b31167531f41cbf08fccf89d60ca128c3d4d (patch) | |
tree | 967d8b80b9b55c46e72d75aba44d40fdeff3cc07 | |
parent | a3d041438f2f0fde9644ec27b89f19ded3146f50 (diff) | |
download | samba-9818b31167531f41cbf08fccf89d60ca128c3d4d.tar.gz |
smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
We have to return this error if the client offered less than the fixed
portion of the infolevel data requires
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 91939614760837b2ac2c6bb8b5daac108a4f4670)
-rw-r--r-- | source3/smbd/smb2_getinfo.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index 91595d53cb8..714a6bdf08b 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -383,6 +383,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, tevent_req_nterror(req, status); return tevent_req_post(req, ev); } + if (in_output_buffer_length < fixed_portion) { + SAFE_FREE(data); + tevent_req_nterror( + req, NT_STATUS_INFO_LENGTH_MISMATCH); + return tevent_req_post(req, ev); + } if (data_size > 0) { state->out_output_buffer = data_blob_talloc(state, data, @@ -425,6 +431,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, tevent_req_nterror(req, status); return tevent_req_post(req, ev); } + if (in_output_buffer_length < fixed_portion) { + SAFE_FREE(data); + tevent_req_nterror( + req, NT_STATUS_INFO_LENGTH_MISMATCH); + return tevent_req_post(req, ev); + } if (data_size > 0) { state->out_output_buffer = data_blob_talloc(state, data, |