From f80c97cb8da64f3cd9904e2e1fd43c29b691166d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 2 May 2020 15:18:07 +0200 Subject: [PATCH] libsmb: Protect cli_oem_change_password() from rprcnt<2 Bug: https://bugzilla.samba.org/show_bug.cgi?id=14362 Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue May 5 17:12:04 UTC 2020 on sn-devel-184 --- source3/libsmb/clirap.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index 3f6711cd236..e1f9cea4388 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -535,10 +535,16 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char return False; } + if (rdrcnt < 2) { + cli->rap_error = ERRbadformat; + goto done; + } + if (rparam) { cli->rap_error = SVAL(rparam,0); } +done: SAFE_FREE(rparam); SAFE_FREE(rdata); -- 2.47.3
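Review bot: the new guard in cli_oem_change_password() tests `rdrcnt < 2`, but the read it is meant to protect is `SVAL(rparam,0)`, which takes two bytes from the parameter buffer, and the subject line itself names `rprcnt<2`. As written, a reply with fewer than two parameter bytes but two or more data bytes still reaches the `SVAL(rparam,0)` read, while a well-formed reply that carries no data bytes is rejected with ERRbadformat. Suggest checking the parameter count instead, `if (rprcnt < 2) {`, and keeping the existing `if (rparam)` NULL test. The `done:` label placed before the two SAFE_FREE calls is fine for cleanup; it is worth confirming that the return expression after it, which is outside the visible context, reports failure when `cli->rap_error` has been set to ERRbadformat.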