From f351fbe1fc9236ddbf52afecf872cdf7e53cae85 Mon Sep 17 00:00:00 2001
From: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Date: Wed, 10 Jul 2013 08:59:58 +0200
Subject: s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case
 output_buffer_length is too small

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit a93f9c3d33e442c84d0c9da7eb5d25ca4b54fc33)
---
 source3/smbd/smb2_getinfo.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 55071e8745a..30daaadd302 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -485,6 +485,11 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
+	if (state->out_output_buffer.length > in_output_buffer_length) {
+		tevent_req_nterror(req, NT_STATUS_INFO_LENGTH_MISMATCH);
+		return tevent_req_post(req, ev);
+	}
+
 	tevent_req_done(req);
 	return tevent_req_post(req, ev);
 }
-- 
cgit v1.2.1