From 35dda98c659de3fe38f1d9ef2403f9b9ced9ba3b Mon Sep 17 00:00:00 2001
From: Asanka Herath <asanka@secure-endpoints.com>
Date: Sun, 10 Jun 2007 06:54:10 +0000
Subject: [PATCH] STABLE14-windows-pioctl-buffer-overrun-20070609

this patch protects against a buffer overrun in the client if the
server were to send more data than the receiving buffer can hold.


(cherry picked from commit 8a814a5596e9d8db1c24326715f794ae46966b3b)
---
 src/sys/pioctl_nt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/sys/pioctl_nt.c b/src/sys/pioctl_nt.c
index 7dc238d511..3a3f83ea40 100644
--- a/src/sys/pioctl_nt.c
+++ b/src/sys/pioctl_nt.c
@@ -844,6 +844,10 @@ pioctl(char *pathp, long opcode, struct ViceIoctl *blobp, int follow)
 
     MarshallString(&preq, fullPath);
     if (blobp->in_size) {
+        if (blobp->in_size > sizeof(preq.data) - (preq.mp - preq.data)*sizeof(char)) {
+            errno = E2BIG;
+            return -1;
+        }
 	memcpy(preq.mp, blobp->in, blobp->in_size);
 	preq.mp += blobp->in_size;
     }