Skip to content

Commit

Permalink
CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull()
Browse files Browse the repository at this point in the history 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
  • Loading branch information
@metze-samba @kseeger
metze-samba authored and kseeger committed Dec 5, 2013
1 parent 2883374 commit 17667fc
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions source4/librpc/rpc/dcerpc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -658,6 +658,10 @@ static NTSTATUS ncacn_pull(struct dcecli_connection *c, DATA_BLOB *blob, TALLOC_
return ndr_map_error2ntstatus(ndr_err);
}

if (pkt->frag_length != blob->length) {
return NT_STATUS_RPC_PROTOCOL_ERROR;
}

return NT_STATUS_OK;
}

Expand Down

0 comments on commit 17667fc

Please sign in to comment.