author | Noel Power <noel.power@suse.com> | 2017-02-28 15:04:16 +0000 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-08-13 12:56:37 +0200 |
commit | f4a456a969082d47c3c0d7ff5d881a6e8b883830 (patch) | |
tree | 4738e350711e6e711fa81d49893f47e77047a0e2 /source3 | |
parent | acacc78678b5a8442a49ac8f5730c5ebb6cb825c (diff) | |
s3/libsmb: Avoid potential smbpanic calling parse_user_quota_list.
Calling parse_user_quota_list with a NULL buffer can cause a panic. While
this shouldn't happen, I managed to trigger this with an early implementation
of SMB2 quota support in smbd which didn't pass back NT_STATUS_NO_MORE_ENTRIES
when handling a SMB2_0_INFO_QUOTA GETINFO message.
OTOH the Windows client handled the same situation gracefully.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/cli_smb2_fnum.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c index c397b29b381..089d904f007 100644 --- a/source3/libsmb/cli_smb2_fnum.c +++ b/source3/libsmb/cli_smb2_fnum.c @@ -3045,6 +3045,14 @@ NTSTATUS cli_smb2_list_user_quota_step(struct cli_state *cli, ph->fid_persistent, ph->fid_volatile, frame, &outbuf); + /* + * safeguard against panic from calling parse_user_quota_list with + * NULL buffer + */ + if (NT_STATUS_IS_OK(status) && outbuf.length == 0) { + status = NT_STATUS_NO_MORE_ENTRIES; + } + if (!NT_STATUS_IS_OK(status)) { goto cleanup; } |
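Review bot: The new condition in cli_smb2_list_user_quota_step tests only `outbuf.length == 0`, while the comment above it describes the hazard as a NULL buffer; these are not the same thing, so either test `outbuf.data == NULL` as well or reword the comment to say that an empty reply is what is being rejected. The guard also lives only at this call site, so parse_user_quota_list itself still panics if any other path hands it a NULL buffer. Since the input is controlled by the remote server, a more robust fix would have the parser validate its own arguments and return an error status, keeping this check as a second layer. Finally, converting a successful but empty reply into NT_STATUS_NO_MORE_ENTRIES silently hides a server that broke the protocol; a debug-level log message at this point would make that misbehaviour visible when diagnosing quota listings that end early.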