Security fix for CVE-2008-1105: Boundary failure when parsing SMB responses

can result in a buffer overrun. Jeremy. (This used to be commit 23b825e9d2c74c5b940cf4d3aa56c18692259972)
author: Jeremy Allison <jra@samba.org> 2008-05-28 09:31:42 -0700
committer: Jeremy Allison <jra@samba.org> 2008-05-28 09:31:42 -0700
commit: d36434f31268b75040311352f23c92c9a61e8cda (patch)
tree: fc19fb649d4a6ecf29f43b872975c7f6eeaeebd3 /source3/utils/smbfilter.c
parent: 611072fc1cd94e6c9d56ce910fd13f007f6ecb84 (diff)
download: samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index e128e1ce345..d274e092990 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -171,7 +171,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 		if (c != -1 && FD_ISSET(c, &fds)) {
 			size_t len;
 			if (!NT_STATUS_IS_OK(receive_smb_raw(
-						     c, packet, 0, 0, &len))) {
+							c, packet, sizeof(packet),
+							0, 0, &len))) {
 				d_printf("client closed connection\n");
 				exit(0);
 			}
@@ -184,7 +185,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 		if (s != -1 && FD_ISSET(s, &fds)) {
 			size_t len;
 			if (!NT_STATUS_IS_OK(receive_smb_raw(
-						     s, packet, 0, 0, &len))) {
+							s, packet, sizeof(packet),
+							0, 0, &len))) {
 				d_printf("server closed connection\n");
 				exit(0);
 			}
author	Jeremy Allison <jra@samba.org>	2008-05-28 09:31:42 -0700
committer	Jeremy Allison <jra@samba.org>	2008-05-28 09:31:42 -0700
commit	d36434f31268b75040311352f23c92c9a61e8cda (patch)
tree	fc19fb649d4a6ecf29f43b872975c7f6eeaeebd3 /source3/utils/smbfilter.c
parent	611072fc1cd94e6c9d56ce910fd13f007f6ecb84 (diff)
download	samba-d36434f31268b75040311352f23c92c9a61e8cda.tar.gz