From 779717df2ed39b701deaf2472b42d59ff50fab7f Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 22 Nov 2021 05:32:46 +0100
Subject: [PATCH] CVE-2021-31439: libatalk: apply limit checking to DSI write
 offset

Signed-off-by: Ralph Boehme <slow@samba.org>
---
 libatalk/dsi/dsi_stream.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libatalk/dsi/dsi_stream.c b/libatalk/dsi/dsi_stream.c
index c8f859ce1ca..479d3ca4263 100644
--- a/libatalk/dsi/dsi_stream.c
+++ b/libatalk/dsi/dsi_stream.c
@@ -624,6 +624,7 @@ int dsi_stream_receive(DSI *dsi)
   
   /* make sure we don't over-write our buffers. */
   dsi->cmdlen = MIN(ntohl(dsi->header.dsi_len), dsi->server_quantum);
+  dsi->header.dsi_data.dsi_doff = MIN(dsi->header.dsi_data.dsi_doff, dsi->server_quantum);
 
   /* Receiving DSIWrite data is done in AFP function, not here */
   if (dsi->header.dsi_data.dsi_doff) {