From be65a8568bba1ff336c5d4ec330b10b0d8b462ae Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Sat, 19 Jun 2021 21:51:06 +0200
Subject: [PATCH] [SAMLIB] Check the server name in the binding routine
---
 dll/win32/samlib/samlib.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/dll/win32/samlib/samlib.c b/dll/win32/samlib/samlib.c
index d5414d664b5..7237a874d12 100644
--- a/dll/win32/samlib/samlib.c
+++ b/dll/win32/samlib/samlib.c
@@ -77,6 +77,27 @@ PSAMPR_SERVER_NAME_bind(PSAMPR_SERVER_NAME pszSystemName)
 
 TRACE("PSAMPR_SERVER_NAME_bind(%S)\n", pszSystemName);
 
+ /* Check the server name prefix and server name length */
+ if (pszSystemName != NULL)
+ {
+ int nLength = wcslen(pszSystemName);
+ int nNameLength = nLength;
+
+ if (nLength >= 1 && pszSystemName[0] == L'\\')
+ nNameLength--;
+
+ if (nLength >= 2 && pszSystemName[1] == L'\\')
+ nNameLength--;
+
+ if (((nLength - nNameLength != 0) &&
+ (nLength - nNameLength != 2)) ||
+ (nNameLength == 0))
+ {
+ WARN("Invalid server name %S", pszSystemName);
+ RpcRaiseException(STATUS_OBJECT_NAME_INVALID);
+ }
+ }
+
 status = RpcStringBindingComposeW(NULL,
 L"ncacn_np",
 pszSystemName,
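Review bot: The added check in PSAMPR_SERVER_NAME_bind only inspects the first two characters, so a name such as `\\\` or `\\host\extra` passes with a two-character prefix and a non-empty remainder, and that remainder is handed to RpcStringBindingComposeW unchanged. If the part after the prefix is meant to be a bare host name, the final condition should also reject any further backslash, for example by adding `|| wcschr(pszSystemName + (nLength - nNameLength), L'\\') != NULL`. The comment mentions the server name length, but only the empty case is tested and the `wcslen` result is narrowed to `int`; declaring both counters as `size_t` avoids the truncation, and an upper bound would match the comment if one is intended. The WARN format string also lacks the trailing `\n` that the TRACE call just above it uses. The function body starts and ends outside this hunk, so what happens to the composed binding string afterwards is not visible here.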