Attachment #172416 for bug #247620

View | Details | Raw Unified | Return to bug 247620
Collapse All | Expand All

Lines 764-773 void reply_transs(struct smb_request *req) Link Here

(-)a/source/smbd/ipc.c (-3 / +3 lines)
764	goto bad_param;	764	goto bad_param;
765	}	765	}
766		766
767	if (ddisp > av_size \|\|	767	if (doff > av_size \|\|
768	dcnt > av_size \|\|	768	dcnt > av_size \|\|
769	ddisp+dcnt > av_size \|\|	769	doff+dcnt > av_size \|\|
770	ddisp+dcnt < ddisp) {	770	doff+dcnt < doff) {
771	goto bad_param;	771	goto bad_param;
772	}	772	}
773		773

Lines 2853-2862 void reply_nttranss(struct smb_request *req) Link Here

(-)a/source/smbd/nttrans.c (-3 / +3 lines)
2853	goto bad_param;	2853	goto bad_param;
2854	}	2854	}
2855		2855
2856	if (ddisp > av_size \|\|	2856	if (doff > av_size \|\|
2857	dcnt > av_size \|\|	2857	dcnt > av_size \|\|
2858	ddisp+dcnt > av_size \|\|	2858	doff+dcnt > av_size \|\|
2859	ddisp+dcnt < ddisp) {	2859	doff+dcnt < doff) {
2860	goto bad_param;	2860	goto bad_param;
2861	}	2861	}
2862		2862

Lines 7785-7794 void reply_transs2(struct smb_request *req) Link Here

(-)a/source/smbd/trans2.c (-4 / +3 lines)
7785	goto bad_param;	7785	goto bad_param;
7786	}	7786	}
7787		7787
7788	if (ddisp > av_size \|\|	7788	if (doff > av_size \|\|
7789	dcnt > av_size \|\|	7789	dcnt > av_size \|\|
7790	ddisp+dcnt > av_size \|\|	7790	doff+dcnt > av_size \|\|
7791	ddisp+dcnt < ddisp) {	7791	doff+dcnt < doff) {
7792	goto bad_param;	7792	goto bad_param;
7793	}	7793	}
7794		7794
7795	-

Return to bug 247620