libcli/auth: reject computer_name longer than 15 chars

This matches Windows, it seems they use a fixed size field to store
netlogon_creds_CredentialState.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 8 insertions, 0 deletions

diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 8c893ee08ee..6669b465b73 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -78,6 +78,14 @@ NTSTATUS schannel_store_session_key_tdb(struct db_context *db_sc,
 	char *name_upper;
 	NTSTATUS status;
 
+	if (strlen(creds->computer_name) > 15) {
+		/*
+		 * We may want to check for a completely
+		 * valid netbios name.
+		 */
+		return STATUS_BUFFER_OVERFLOW;
+	}
+
 	name_upper = strupper_talloc(mem_ctx, creds->computer_name);
 	if (!name_upper) {
 		return NT_STATUS_NO_MEMORY;