Changeset 468


Ignore:
Timestamp:
Jun 17, 2010, 9:11:36 AM (10 years ago)
Author:
Herwig Bauernfeind
Message:

Update Samba 3.0 with CVE-2010-2063 security patch

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/samba-3.0/source/smbd/process.c

    r336 r468  
    11601160        static char *orig_inbuf;
    11611161        static char *orig_outbuf;
     1162        static int orig_size;
    11621163        int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
    11631164        unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
     
    11791180                orig_inbuf = inbuf;
    11801181                orig_outbuf = outbuf;
     1182                orig_size = size;
     1183        }
     1184
     1185        /* Validate smb_off2 */
     1186        if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
     1187                exit_server_cleanly("Bad chained packet");
     1188                return -1;
    11811189        }
    11821190
     
    11921200        SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
    11931201        SCVAL(outbuf,smb_vwv0,smb_com2);
     1202
     1203        if (outsize <= smb_wct) {
     1204                exit_server_cleanly("Bad chained packet");
     1205                return -1;
     1206        }
    11941207
    11951208        /* remember how much the caller added to the chain, only counting stuff
Note: See TracChangeset for help on using the changeset viewer.