CVE-2007-5398-nmbd-buffer-overflow [plain text]
Index: samba/source/nmbd/nmbd_packets.c
===================================================================
--- samba/source/nmbd/nmbd_packets.c.orig
+++ samba/source/nmbd/nmbd_packets.c
@@ -963,6 +963,12 @@ for id %hu\n", packet_type, nmb_namestr(
nmb->answers->ttl = ttl;
if (data && len) {
+ if (len < 0 || len > sizeof(nmb->answers->rdata)) {
+ DEBUG(5,("reply_netbios_packet: "
+ "invalid packet len (%d)\n",
+ len ));
+ return;
+ }
nmb->answers->rdlength = len;
memcpy(nmb->answers->rdata, data, len);
}