From c25c2fc665ff9db4c1879f67a0c0d0deec6a40f6 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Sat, 2 May 2020 15:10:14 +0200
Subject: [PATCH] libsmb: Protect cli_RNetServerEnum against rprcnt<6

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ce8b70df7bd63e96723b8e8dc864f1690f5fad7b)
---
 source3/libsmb/clirap.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 9b7f54c503b..16c1a502380 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -372,6 +372,13 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype,
 		}
 
 		rdata_end = rdata + rdrcnt;
+
+		if (rprcnt < 6) {
+			DBG_ERR("Got invalid result: rprcnt=%u\n", rprcnt);
+			res = -1;
+			break;
+		}
+
 		res = rparam ? SVAL(rparam,0) : -1;
 
 		if (res == 0 || res == ERRmoredata ||
-- 
2.47.2