diff options
author | Jeremy Allison <jra@samba.org> | 2020-01-17 13:49:48 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-02-03 10:02:49 +0000 |
commit | 55177a44258dceee3aa3ae4966f56f422a9a5aad (patch) | |
tree | db1865f4a88282633853118da79d0a465dfe723d /source3 | |
parent | 9dca42f43b3ebea74ec20d9b8b0452fe23649443 (diff) | |
download | samba-55177a44258dceee3aa3ae4966f56f422a9a5aad.tar.gz |
s3: lib: nmblib. Clean up and harden nmb packet processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239
OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156
OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157
Credit to oss-fuzz.
No security implications.
Signed-off-by: Jeremy Allison <jra@samba.org>
Pair programmed with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184
(cherry picked from commit ad236bb7590e423b4c69fe6028f2f3495977f48b)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/nmblib.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index 727939575a7..0681450bae2 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -192,10 +192,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name) m = ubuf[offset]; - if (!m) - return(0); - if ((m & 0xC0) || offset+m+2 > length) - return(0); + /* m must be 32 to exactly fill in the 16 bytes of the netbios name */ + if (m != 32) { + return 0; + } + /* Cannot go past length. */ + if (offset+m+2 > length) { + return 0; + } memset((char *)name,'\0',sizeof(*name)); |