author: Noel Power <noel.power@suse.com> 2017-02-28 15:04:16 +0000
committer: Karolin Seeger <kseeger@samba.org> 2018-08-13 12:56:37 +0200
commit: f4a456a969082d47c3c0d7ff5d881a6e8b883830 (patch)
tree: 4738e350711e6e711fa81d49893f47e77047a0e2 /source3
parent: acacc78678b5a8442a49ac8f5730c5ebb6cb825c (diff)
s3/libsmb: Avoid potential smbpanic calling parse_user_quota_list.
Calling parse_user_quota_list with a NULL buffer can cause a panic. While this shouldn't happen, I managed to trigger this with an early implementation of SMB2 quota support in smbd which didn't pass back NT_STATUS_NO_MORE_ENTRIES when handling a SMB2_0_INFO_QUOTA GETINFO message. OTOH the Windows client handled the same situation gracefully.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- source3/libsmb/cli_smb2_fnum.c 8
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index c397b29b381..089d904f007 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -3045,6 +3045,14 @@ NTSTATUS cli_smb2_list_user_quota_step(struct cli_state *cli,
ph->fid_persistent, ph->fid_volatile, frame,
&outbuf);
+ /*
+ * safeguard against panic from calling parse_user_quota_list with
+ * NULL buffer
+ */
+ if (NT_STATUS_IS_OK(status) && outbuf.length == 0) {
+ status = NT_STATUS_NO_MORE_ENTRIES;
+ }
+
if (!NT_STATUS_IS_OK(status)) {
goto cleanup;
}
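Review bot: The new comment says the guard is against a NULL buffer, but the condition added before the `!NT_STATUS_IS_OK(status)` check tests only `outbuf.length == 0` and never looks at the data pointer. Either test the pointer as well or reword the comment so it states that a zero-length reply is what is being rejected. The guard also lives only in cli_smb2_list_user_quota_step, so parse_user_quota_list stays reachable with the same input from any other caller; a length/NULL check at the top of the parser that returns an error instead of panicking would cover a misbehaving server at every call site. Finally, mapping a successful but empty server reply to NT_STATUS_NO_MORE_ENTRIES silently ends the enumeration, so a debug-level log line here would help distinguish a genuinely finished listing from a server that returned success with no data.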