From: Stefan Metzmacher Date: Wed, 15 Sep 2021 15:22:39 +0000 (+0200) Subject: smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes X-Git-Tag: tdb-1.4.6~486 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1cd948d8520fd41a4e2f0cc6ee787c1e20211e33;p=thirdparty%2Fsamba.git smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme
---
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 4f302c35419..fd02c129c40 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3194,7 +3194,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 const uint8_t *body = SMBD_SMB2_IN_BODY_PTR(req);
 size_t body_size = SMBD_SMB2_IN_BODY_LEN(req);
 uint32_t in_ctl_code;
- size_t needed = 4;
+ size_t needed = 8;
 if (needed > body_size) {
 return smbd_smb2_request_error(req,
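Review bot: The new bound `size_t needed = 8;` is a bare constant with nothing on the line tying it to the read it protects. According to the subject line that read is `in_ctl_code = IVAL(body, 0x04);`, a 4-byte load covering body bytes 4..7, and the old value of 4 was wrong precisely because the length check and the access offset had drifted apart. Deriving the bound from the access keeps them in step and makes the intent reviewable: `size_t needed = 0x04 + sizeof(in_ctl_code); /* IVAL(body, 0x04) reads bytes 4..7 */`. The IVAL line and the rest of this branch of smbd_smb2_request_dispatch lie outside the hunk, so it is worth confirming that no other fixed-offset read of `body` follows the same check with a larger offset.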