romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 00:51:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

smb: adjust buffer size checks

Browse source 
The checks did not account for the **two byte** 16bit read so risked
reading one more byte than what actually was received.

Reported-by: Joshua Rogers

Closes #18599
This commit is contained in:
Daniel Stenberg 2025-09-18 14:49:09 +02:00
parent 0f08211330
commit 5cc2b83446
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/smb.c
View file

@ -1104,7 +1104,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
break;
case SMB_DOWNLOAD:
if(h->status || smbc->got < sizeof(struct smb_header) + 14) {
if(h->status || smbc->got < sizeof(struct smb_header) + 15) {
req->result = CURLE_RECV_ERROR;
next_state = SMB_CLOSE;
break;
@ -1133,7 +1133,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
break;
case SMB_UPLOAD:
if(h->status || smbc->got < sizeof(struct smb_header) + 6) {
if(h->status || smbc->got < sizeof(struct smb_header) + 7) {
req->result = CURLE_UPLOAD_FAILED;
next_state = SMB_CLOSE;
break;