1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 16:48:49 -05:00

smb: reject negative file sizes

Assisted-by: Max Dymond

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
This commit is contained in:
Daniel Stenberg 2018-05-12 22:24:25 +02:00
parent fe6b78b42d
commit 9cacc24630

View File

@ -790,10 +790,16 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done)
else {
smb_m = (const struct smb_nt_create_response*) msg;
conn->data->req.size = smb_swap64(smb_m->end_of_file);
Curl_pgrsSetDownloadSize(conn->data, conn->data->req.size);
if(conn->data->set.get_filetime)
get_posix_time(&conn->data->info.filetime, smb_m->last_change_time);
next_state = SMB_DOWNLOAD;
if(conn->data->req.size < 0) {
req->result = CURLE_WEIRD_SERVER_REPLY;
next_state = SMB_CLOSE;
}
else {
Curl_pgrsSetDownloadSize(conn->data, conn->data->req.size);
if(conn->data->set.get_filetime)
get_posix_time(&conn->data->info.filetime, smb_m->last_change_time);
next_state = SMB_DOWNLOAD;
}
}
break;