From d801ed421800bcd5df9045f7327c92cd4fc944aa Mon Sep 17 00:00:00 2001
From: Ralph Boehme
Date: Thu, 10 Mar 2022 16:12:30 +0100
Subject: [PATCH] CVE-2022-23125: harden copyapplfile()

Signed-off-by: Ralph Boehme
---
 etc/afpd/appl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/etc/afpd/appl.c b/etc/afpd/appl.c
index f53803e0dfc..be4ba4d3797 100644
--- a/etc/afpd/appl.c
+++ b/etc/afpd/appl.c
@@ -95,6 +95,11 @@ static int copyapplfile(int sfd, int dfd, char *mpath, u_short mplen)
 p = buf + sizeof(appltag);
 memcpy( &len, p, sizeof(len));
 len = ntohs( len );
+ if (len > MAXPATHLEN - (sizeof(appltag) + sizeof(len))) {
+ errno = EINVAL;
+ cc = -1;
+ break;
+ }
 p += sizeof( len );
 if (( cc = read( sa.sdt_fd, p, len )) < len ) {
 break;
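Review bot: The short-read branch directly below the new bound check still leaves the loop with `cc` holding a non-negative byte count, so a truncated record is not reported the way the new oversize-length case is. If the function returns `cc` after the loop (the loop header and the return are outside this hunk), a caller that tests only for a negative result would take a truncated APPL entry for a clean end of file; setting `if (cc >= 0) { errno = EINVAL; cc = -1; }` before that `break` would make both malformed-record paths fail the same way. The bound is also written against `MAXPATHLEN` rather than the buffer itself; assuming `buf` is declared as an array above the hunk, `sizeof(buf) - (sizeof(appltag) + sizeof(len))` would keep the check tied to the real buffer size if the declaration ever changes. A one-line comment such as `/* len comes from the file: header + path must fit in buf */` would record why the check exists.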