author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2021-05-03 16:22:43 +1200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2021-05-19 01:32:34 +0000 |
commit | 9e414233c84d2f2fa4a9415be9ee975eca8b9bfd (patch) | |
tree | 54eae57407f8f70f2f3bcdb09201b9ad64003815 /source3/libsmb | |
parent | 9d8aeed33d8edf7a5dc96dbe35e4e164e2baeeeb (diff) | |
download | samba-9e414233c84d2f2fa4a9415be9ee975eca8b9bfd.tar.gz |
libsmb: Check to see that whoami is not receiving more data than it requested
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/clifsinfo.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 8ec74d191be..c1f2eca8bcf 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -570,6 +570,8 @@ struct posix_whoami_state {
 static void cli_posix_whoami_done(struct tevent_req *subreq);
+static const uint32_t posix_whoami_max_rdata = 62*1024;
+
 struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx,
 struct tevent_context *ev,
 struct cli_state *cli)
@@ -586,7 +588,7 @@ struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx,
 SSVAL(state->setup, 0, TRANSACT2_QFSINFO);
 SSVAL(state->param, 0, SMB_QUERY_POSIX_WHOAMI);
- state->max_rdata = 62*1024;
+ state->max_rdata = posix_whoami_max_rdata;
 subreq = cli_trans_send(state, /* mem ctx. */
 ev, /* event ctx. */
@@ -650,7 +652,7 @@ static void cli_posix_whoami_done(struct tevent_req *subreq)
 * parsing network packets in C.
 */
- if (num_rdata < 40) {
+ if (num_rdata < 40 || num_rdata > posix_whoami_max_rdata) {
 tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
 return;
 } |
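Review bot: The file-scope constant `posix_whoami_max_rdata` added in the first hunk has no comment, so a reader cannot tell that it serves two roles: the reply size requested in cli_posix_whoami_send() and the ceiling enforced in cli_posix_whoami_done(). I would add above it `/* Max reply data requested for SMB_QUERY_POSIX_WHOAMI; larger replies are rejected as invalid. */`. The reason for the 62*1024 figure is not visible in this diff; if there is a protocol or buffer reason for it, the comment should say so.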
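Review bot: The upper bound added in the third hunk compares `num_rdata` with the file-scope constant rather than with the limit this request actually sent, `state->max_rdata`. The two are equal today, but `if (num_rdata < 40 || num_rdata > state->max_rdata) {` would keep the check tied to the request if the limit ever becomes per-call; this assumes `state` is in scope in cli_posix_whoami_done(), whose body starts and ends outside the hunk. The comment that ends just above the check is cut off by the hunk; if it explains only the lower bound, it should also say that oversized replies are rejected. This check limits only the total reply size, so any count or offset fields read from the reply data later in the function still need their own overflow-safe checks against `num_rdata`, and that code is not visible here.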