From 0643b0429645dc20c895a7aa9e7328e98cbd6894 Mon Sep 17 00:00:00 2001
From: Ralph Wuerthner
Date: Thu, 4 Apr 2013 13:29:01 +0200
Subject: [PATCH 3/3] s3:smbd: do not access data behind req->buf+req->buflen in srvstr_pull_req_talloc()
---
source3/smbd/reply.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 31d6aef..303f5ee 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -346,8 +346,14 @@ size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req, size_t srvstr_pull_req_talloc(TALLOC_CTX *ctx, struct smb_request *req, char **dest, const char *src, int flags) { + ssize_t bufrem = smbreq_bufrem(req, src); + + if (bufrem < 0) { + return 0; + } + + return pull_string_talloc(ctx, req->inbuf, req->flags2, dest, src, - smbreq_bufrem(req, src), flags); + bufrem, flags); } /****************************************************************************
--
1.7.9.5
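Review bot: The early `return 0` added to srvstr_pull_req_talloc() leaves `*dest` untouched, so a caller that inspects the output pointer rather than the returned length would read whatever the variable held before the call, possibly an uninitialised pointer. Clearing it on the rejection path makes the failure unambiguous: `if (bufrem < 0) { *dest = NULL; return 0; }`. Whether pull_string_talloc() itself resets `*dest` on failure is not visible in this hunk, so that should be confirmed to keep both exit paths consistent. A short comment above the check, e.g. `/* src lies beyond req->buf + req->buflen: refuse to parse */`, would also record why a negative remainder can occur with a client-supplied offset.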