diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index e5d6e6b7fbd..76b7577de0e 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -3124,6 +3124,7 @@ NTSTATUS cli_smb2_rename(struct cli_state *cli,
 smb_ucs2_t *converted_str = NULL;
 size_t converted_size_bytes = 0;
 size_t namelen = 0;
+ size_t inbuf_size;
 TALLOC_CTX *frame = talloc_stackframe();
 if (smbXcli_conn_has_async_calls(cli->conn)) {
@@ -3181,8 +3182,16 @@ NTSTATUS cli_smb2_rename(struct cli_state *cli,
 }
 converted_size_bytes -= 2;
- inbuf = data_blob_talloc_zero(frame,
- 20 + converted_size_bytes);
+ inbuf_size = 20 + converted_size_bytes;
+ if (inbuf_size < 20) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ if (inbuf_size < 24) {
+ inbuf_size = 24;
+ }
+
+ inbuf = data_blob_talloc_zero(frame, inbuf_size);
 if (inbuf.data == NULL) {
 status = NT_STATUS_NO_MEMORY;
 goto fail;
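Review bot: The literals 20 and 24 in the new size computation carry no explanation, so it is not obvious that `if (inbuf_size < 20)` is a size_t wrap-around test (one that also catches an underflow from the preceding `converted_size_bytes -= 2;`) or why the buffer is padded up to 24 bytes. A comment on each would help, for example `/* 20 + converted_size_bytes wrapped around size_t */` above the first check and, above the clamp, one line naming the requirement that makes 24 bytes the minimum request size. The padding is only harmless because `data_blob_talloc_zero()` presumably zero-fills the blob, and the name length written into the buffer later should stay `converted_size_bytes` rather than `inbuf_size`; that code is outside this hunk, as are the start and end of cli_smb2_rename, so it is worth confirming there.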