From 2fb27fcb692dfaccf36c6530012d6e24f944e1a4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Sun, 12 Aug 2007 12:15:32 +0000
Subject: [PATCH] r24349: For large read&x we need more than 64k of outbuf.
 (This used to be commit f7e2eec35f7457ec70d75ef099b34f83c9dfd654)

---
 source3/smbd/process.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index adc3f638e01..c59ee2c2003 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -953,8 +953,19 @@ static const struct smb_message_struct {
  allocate and initialize a reply packet
 ********************************************************************/
 
-void reply_outbuf(struct smb_request *req, uint8 num_words, uint16 num_bytes)
+void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
 {
+	/*
+         * Protect against integer wrap
+         */
+	if ((num_bytes > 0xffffff)
+	    || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
+		char *msg;
+		asprintf(&msg, "num_bytes too large: %u",
+			 (unsigned)num_bytes);
+		smb_panic(msg);
+	}
+
 	if (!(req->outbuf = TALLOC_ARRAY(
 		      req, uint8,
 		      smb_size + num_words*2 + num_bytes))) {
-- 
2.11.4.GIT