Diffstat (limited to 'source3')
-rw-r--r-- | source3/libsmb/nmblib.c | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index 8feb029b05e..7b75c3de065 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -207,25 +207,33 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
 unsigned char c1,c2;
 c1 = ubuf[offset++]-'A';
 c2 = ubuf[offset++]-'A';
- if ((c1 & 0xF0) || (c2 & 0xF0) || (n > sizeof(name->name)-1))
+ if ((c1 & 0xF0) || (c2 & 0xF0)) {
 return(0);
+ }
+ if (n >= sizeof(name->name)) {
+ return 0;
+ }
 name->name[n++] = (c1<<4) | c2;
 m -= 2;
 }
- name->name[n] = 0;
-
- if (n==MAX_NETBIOSNAME_LEN) {
- /* parse out the name type, its always
- * in the 16th byte of the name */
- name->name_type = ((unsigned char)name->name[15]) & 0xff;
-
- /* remove trailing spaces */
- name->name[15] = 0;
- n = 14;
- while (n && name->name[n]==' ')
- name->name[n--] = 0;
+ /*
+ * RFC1002: For a valid NetBIOS name, exiting from the above,
+ * n *must* be MAX_NETBIOSNAME_LEN (16).
+ */
+ if (n != MAX_NETBIOSNAME_LEN) {
+ return 0;
 }
 
+ /* parse out the name type, its always
+ * in the 16th byte of the name */
+ name->name_type = ((unsigned char)name->name[15]) & 0xff;
+
+ /* remove trailing spaces */
+ name->name[15] = 0;
+ n = 14;
+ while (n && name->name[n]==' ')
+ name->name[n--] = 0;
+
 /* now the domain parts (if any) */
 n = 0;
 while (ubuf[offset]) { |
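Review bot: The new `n != MAX_NETBIOSNAME_LEN` check counts decoded output bytes rather than encoded input bytes, so it may not reject an odd label length. With `m -= 2` per iteration, a length of 31 would still give sixteen iterations and `n == 16`, with the last low nibble taken from the byte after the label; this assumes the loop runs while `m > 0`, and its header and any earlier validation of `m` are outside the hunk. If nothing upstream already pins the length, consider rejecting it before decoding, e.g. `if (m != 2*MAX_NETBIOSNAME_LEN) { return 0; }`. That would also avoid returning with `name->name` partially written and unterminated on the failure paths, now that `name->name[n] = 0;` is gone. As a smaller style point, the literals `15` and `14` could become `MAX_NETBIOSNAME_LEN-1` and `MAX_NETBIOSNAME_LEN-2`, so the indices stay tied to the constant the new check enforces.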