diff options
Diffstat (limited to 'source3/libsmb/nmblib.c')
| -rw-r--r-- | source3/libsmb/nmblib.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index 727939575a7..8d387fe8120 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -160,6 +160,9 @@ static bool handle_name_ptrs(unsigned char *ubuf,int *offset,int length, if (!*got_pointer) (*ret) += 2; (*got_pointer)=True; + if (*offset > length - 2) { + return False; + } (*offset) = ((ubuf[*offset] & ~0xC0)<<8) | ubuf[(*offset)+1]; if (loop_count++ == 10 || (*offset) < 0 || (*offset)>(length-2)) { @@ -192,10 +195,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name) m = ubuf[offset]; - if (!m) - return(0); - if ((m & 0xC0) || offset+m+2 > length) - return(0); + /* m must be 32 to exactly fill in the 16 bytes of the netbios name */ + if (m != 32) { + return 0; + } + /* Cannot go past length. */ + if (offset+m+2 > length) { + return 0; + } memset((char *)name,'\0',sizeof(*name)); |