mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
smb: reject negative file sizes
Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
This commit is contained in:
parent
fe6b78b42d
commit
9cacc24630
14
lib/smb.c
14
lib/smb.c
@ -790,10 +790,16 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done)
|
||||
else {
|
||||
smb_m = (const struct smb_nt_create_response*) msg;
|
||||
conn->data->req.size = smb_swap64(smb_m->end_of_file);
|
||||
Curl_pgrsSetDownloadSize(conn->data, conn->data->req.size);
|
||||
if(conn->data->set.get_filetime)
|
||||
get_posix_time(&conn->data->info.filetime, smb_m->last_change_time);
|
||||
next_state = SMB_DOWNLOAD;
|
||||
if(conn->data->req.size < 0) {
|
||||
req->result = CURLE_WEIRD_SERVER_REPLY;
|
||||
next_state = SMB_CLOSE;
|
||||
}
|
||||
else {
|
||||
Curl_pgrsSetDownloadSize(conn->data, conn->data->req.size);
|
||||
if(conn->data->set.get_filetime)
|
||||
get_posix_time(&conn->data->info.filetime, smb_m->last_change_time);
|
||||
next_state = SMB_DOWNLOAD;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user