smb: check for full size message before reading message details
authorDaniel Stenberg <daniel@haxx.se>
Mon, 16 Sep 2019 08:15:05 +0000 (10:15 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 16 Sep 2019 12:16:06 +0000 (14:16 +0200)
To avoid reading of uninitialized data.

Assisted-by: Max Dymond
Bug: https://crbug.com/oss-fuzz/16907
Closes #4363

lib/smb.c

index f66c05ca4265af388fc9c80bfa9ff66964a05ac3..12f99257fca86ad8aeb2ab2e55b56cb8241a7b99 100644 (file)
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -682,7 +682,8 @@ static CURLcode smb_connection_state(struct connectdata *conn, bool *done)
 
   switch(smbc->state) {
   case SMB_NEGOTIATE:
-    if(h->status || smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) {
+    if((smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) ||
+       h->status) {
       connclose(conn, "SMB: negotiation failed");
       return CURLE_COULDNT_CONNECT;
     }
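Review bot: The new condition on the two `+` lines is correct only because `||` short-circuits and the size check is the left operand, yet nothing in the hunk records that the operand order is load-bearing; a later tidy-up could swap them back and reintroduce the uninitialized read the commit message describes. Suggest a comment directly above the `if` on the new side: `/* The size check must come first: h->status is only valid once the full negotiate response has been received. */`. The `- 1` in `sizeof(*nrsp) + sizeof(smbc->challenge) - 1` is also unexplained at this point; if it accounts for a placeholder byte in the struct layout, naming that in the same comment would help. smb_connection_state continues outside the hunk, and the other `case` labels of this `switch` are not visible here; if any of them read header fields before their own length check, they would presumably need the same ordering, but that cannot be confirmed from this hunk.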