romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-30 11:17:30 +03:00
Code Issues Projects Releases Packages Wiki Activity

smb: fix a size check to be overflow safe

Browse source 
In smb_send_message, although it could never actually overflow it might
as well be done correctly. Also do the check earlier.

Closes #19640
This commit is contained in:
Daniel Stenberg 2025-11-21 14:34:31 +01:00
parent 6aa8fa3fdf
commit 047b36d7a6
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/smb.c
View file

@ -668,12 +668,12 @@ static CURLcode smb_send_message(struct Curl_easy *data,
unsigned char cmd,
const void *msg, size_t msg_len)
{
smb_format_message(smbc, req, (struct smb_header *)smbc->send_buf,
cmd, msg_len);
if((sizeof(struct smb_header) + msg_len) > MAX_MESSAGE_SIZE) {
if((MAX_MESSAGE_SIZE - sizeof(struct smb_header)) < msg_len) {
DEBUGASSERT(0);
return CURLE_SEND_ERROR;
}
smb_format_message(smbc, req, (struct smb_header *)smbc->send_buf,
cmd, msg_len);
memcpy(smbc->send_buf + sizeof(struct smb_header), msg, msg_len);
return smb_send(data, smbc, sizeof(struct smb_header) + msg_len, 0);