From: Volker Lendecke Date: Sat, 2 May 2020 13:18:07 +0000 (+0200) Subject: libsmb: Protect cli_oem_change_password() from rprcnt<2 X-Git-Tag: samba-4.10.16~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bff6f6ad28753235f2915edffcc7dd367bec594;p=thirdparty%2Fsamba.git libsmb: Protect cli_oem_change_password() from rprcnt<2 Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366 Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue May 5 17:12:04 UTC 2020 on sn-devel-184 (cherry picked from commit f80c97cb8da64f3cd9904e2e1fd43c29b691166d) --- diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index 16c1a502380..8a844050461 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -577,10 +577,16 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char return False; } + if (rdrcnt < 2) { + cli->rap_error = ERRbadformat; + goto done; + } + if (rparam) { cli->rap_error = SVAL(rparam,0); } +done: SAFE_FREE(rparam); SAFE_FREE(rdata);
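Review bot: the new guard in cli_oem_change_password() tests `rdrcnt < 2`, but the subject line says the function is being protected from `rprcnt<2`, and the read it guards is `SVAL(rparam,0)`, a two-byte read from the parameter buffer rather than the data buffer. If `rprcnt` is the length that goes with `rparam`, as the naming and the subject suggest, the check should be `if (rprcnt < 2) {`. As written, a reply with fewer than two parameter bytes but two or more data bytes would still reach the `SVAL(rparam,0)` read. Either the condition or the subject needs correcting so the two agree. Separately, the `if (rparam)` test is left in place, so a NULL `rparam` that passes the length check leaves `cli->rap_error` at whatever value it held before; setting `ERRbadformat` for that case too would make the failure explicit.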