Index: nmbd/nmbd_packets.c =================================================================== RCS file: /work/cvs/tng/source/nmbd/nmbd_packets.c,v retrieving revision 1.16 diff -u -p -r1.16 nmbd_packets.c --- nmbd/nmbd_packets.c 8 Feb 2005 10:52:37 -0000 1.16 +++ nmbd/nmbd_packets.c 24 Nov 2007 00:44:08 -0000 @@ -101,7 +101,7 @@ Dumps out the browse packet data. **************************************************************************/ -static void debug_browse_data(char *outbuf, int len) +static void debug_browse_data(const char *outbuf, int len) { int i,j; @@ -848,7 +848,7 @@ void reply_netbios_packet(struct packet_struct *orig_packet, int rcode, enum netbios_reply_type_code rcv_code, int opcode, - int ttl, char *data,int len) + int ttl, const char *data, size_t len) { struct packet_struct packet; struct nmb_packet *nmb = NULL; @@ -964,6 +964,11 @@ if (data && len) { + if ((len < 0) || (len > sizeof(nmb->answers->rdata))) + { + DEBUG(0, ("%s: len too large!\n", __func__)); + return; + } nmb->answers->rdlength = len; memcpy(nmb->answers->rdata, data, len); }
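Review bot: The `(len < 0)` half of the new guard before the `memcpy` can never be true, because this same patch changes `len` to `size_t` in the signature of reply_netbios_packet; the test reduces to `if (len > sizeof(nmb->answers->rdata))` and the dead comparison will draw an unsigned-comparison warning. A caller that still computes the length as an `int` and passes a negative value now arrives here as a very large `size_t`, so the upper bound is the only thing that keeps the copy inside `rdata`; a short comment above the check saying so would stop someone from "simplifying" it later. The bound is only meaningful if `rdata` is an array member rather than a pointer, which the hunk does not show. The early `return` drops the reply silently apart from the log line, so logging the rejected value, e.g. `DEBUG(0, ("%s: len %lu too large!\n", __func__, (unsigned long)len));`, would make such drops diagnosable. The function body starts and continues outside the hunk, so whether anything set up earlier needs releasing before that return cannot be confirmed from here.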