From: Volker Lendecke <vl@samba.org>
Date: Sat, 2 May 2020 13:18:07 +0000 (+0200)
Subject: libsmb: Protect cli_oem_change_password() from rprcnt<2
X-Git-Tag: ldb-2.2.0~728
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f80c97cb8da64f3cd9904e2e1fd43c29b691166d;p=thirdparty%2Fsamba.git

libsmb: Protect cli_oem_change_password() from rprcnt<2

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14362
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May  5 17:12:04 UTC 2020 on sn-devel-184
---

diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 3f6711cd236..e1f9cea4388 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -535,10 +535,16 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char
 		return False;
 	}
 
+	if (rdrcnt < 2) {
+		cli->rap_error = ERRbadformat;
+		goto done;
+	}
+
 	if (rparam) {
 		cli->rap_error = SVAL(rparam,0);
 	}
 
+done:
 	SAFE_FREE(rparam);
 	SAFE_FREE(rdata);