smb: check for full size message before reading message details

To avoid reading of uninitialized data. Assisted-by: Max Dymond Bug: https://crbug.com/oss-fuzz/16907 Closes #4363
2025-02-28 17:31:46 -05:00 · 2019-09-16 10:15:05 +02:00 · 2019-09-16 10:15:05 +02:00 · 6de1053692
commit 6de1053692
parent 00da834156
1 changed files with 2 additions and 1 deletions
--- a/lib/smb.c
+++ b/lib/smb.c
@ -682,7 +682,8 @@ static CURLcode smb_connection_state(struct connectdata *conn, bool *done)
  switch(smbc->state) {
  case SMB_NEGOTIATE:
-    if(h->status || smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) {
+    if((smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) ||
       h->status) {
      connclose(conn, "SMB: negotiation failed");
      return CURLE_COULDNT_CONNECT;
    }