| commit | 3165b230b93a383b164ac4488f7fc16fda8c772b | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Fri, 26 Jun 2015 06:10:46 +0000 (26 08:10 +0200) | ||
| committer | Stefan Metzmacher <metze@samba.org> | |
| Wed, 30 Mar 2016 02:21:34 +0000 (30 04:21 +0200) | ||
| tree | cb17c428b8c296ddabbdafd42d551b91df57ae30 | treesnapshot (tar.gz zip) |
| parent | 563d8fe8c77dc0b435b99001c23927163faf358d | commitdiff |
CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
These values are controlled by the client but only in a range between
2048 and 5840 (including these values in 8 byte steps).
recv and xmit result always in same min value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
These values are controlled by the client but only in a range between
2048 and 5840 (including these values in 8 byte steps).
recv and xmit result always in same min value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
| source4/rpc_server/common/reply.c | diffblobblamehistory | |
| source4/rpc_server/dcerpc_server.c | diffblobblamehistory | |
| source4/rpc_server/dcerpc_server.h | diffblobblamehistory |