diff options
| author | Andrew Tridgell <tridge@samba.org> | 1997-10-04 05:21:47 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 1997-10-04 05:21:47 +0000 |
| commit | d40199f4fe1344058267859820cb36b77a20442a (patch) | |
| tree | 2894e8548d112fb0a2d5b7fb49d2c50dd527e10b | |
| parent | 0eb9a590430c328e6ebc46ff8ab05f181921769a (diff) | |
| download | samba-d40199f4fe1344058267859820cb36b77a20442a.tar.gz samba-d40199f4fe1344058267859820cb36b77a20442a.tar.xz samba-d40199f4fe1344058267859820cb36b77a20442a.zip | |
a bit of bounds checking
| -rw-r--r-- | source/client/clientutil.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source/client/clientutil.c b/source/client/clientutil.c index d16e5a471fc..ed5497782b3 100644 --- a/source/client/clientutil.c +++ b/source/client/clientutil.c @@ -126,6 +126,13 @@ BOOL cli_receive_trans_response(char *inbuf,int trans,int *data_len, { this_data = SVAL(inbuf,smb_drcnt); this_param = SVAL(inbuf,smb_prcnt); + + if (this_data + *data_len > total_data || + this_param + *param_len > total_param) { + DEBUG(1,("Data overflow in cli_receive_trans_response\n")); + return False; + } + if (this_data) memcpy(*data + SVAL(inbuf,smb_drdisp), smb_base(inbuf) + SVAL(inbuf,smb_droff), @@ -453,6 +460,11 @@ BOOL cli_send_login(char *inbuf, char *outbuf, BOOL start_session, BOOL use_setu /* send a session setup command */ bzero(outbuf,smb_size); + if (passlen > MAX_PASSWORD_LENGTH) { + DEBUG(1,("password too long %d\n", passlen)); + return False; + } + if (Protocol < PROTOCOL_NT1) { set_message(outbuf,10,1 + strlen(username) + passlen,True); CVAL(outbuf,smb_com) = SMBsesssetupX; |