smb: check for full size message before reading message details

To avoid reading of uninitialized data. Assisted-by: Max Dymond Bug: https://crbug.com/oss-fuzz/16907 Closes #4363
2024-11-21 01:16:58 +08:00 · 2019-09-16 10:15:05 +02:00 · 2019-09-16 10:15:05 +02:00 · 6de1053692
commit 6de1053692
parent 00da834156
1 changed files with 2 additions and 1 deletions
--- a/lib/smb.c
+++ b/lib/smb.c
@ -682,7 +682,8 @@ static CURLcode smb_connection_state(struct connectdata *conn, bool *done)

  switch(smbc->state) {
  case SMB_NEGOTIATE:
-    if(h->status || smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) {
+    if((smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) ||
+       h->status) {
      connclose(conn, "SMB: negotiation failed");
      return CURLE_COULDNT_CONNECT;
    }