Changeset 468

Timestamp:

Jun 17, 2010, 11:11:36 AM (15 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.0 with CVE-2010-2063 security patch

File:

• branches/samba-3.0/source/smbd/process.c (modified) (3 diffs)

branches/samba-3.0/source/smbd/process.c

@@ -1160 +1160 @@
         static char *orig_inbuf;
         static char *orig_outbuf;
+        static int orig_size;
         int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
         unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
@@ -1179 +1180 @@
                 orig_inbuf = inbuf;
                 orig_outbuf = outbuf;
+                orig_size = size;
+        }
+
+        /* Validate smb_off2 */
+        if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
+                exit_server_cleanly("Bad chained packet");
+                return -1;
         }
 
@@ -1192 +1200 @@
         SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf));
         SCVAL(outbuf,smb_vwv0,smb_com2);
+
+        if (outsize <= smb_wct) {
+                exit_server_cleanly("Bad chained packet");
+                return -1;
+        }
 
         /* remember how much the caller added to the chain, only counting stuff