diff options
author | Volker Lendecke <vl@samba.org> | 2009-01-14 12:58:13 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2009-01-14 17:08:39 +0100 |
commit | 274f575b2419800ef1a69f303088711eebb73b1a (patch) | |
tree | 4b19a5226c16bc3f5d2ffafe2deb67294f901199 | |
parent | 583d7913c8a74b9dfe31cf39446f6cddbd077636 (diff) | |
download | samba-274f575b2419800ef1a69f303088711eebb73b1a.tar.gz samba-274f575b2419800ef1a69f303088711eebb73b1a.tar.bz2 samba-274f575b2419800ef1a69f303088711eebb73b1a.zip |
Check the fragment size the server has sent us
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index bc0d163aa0..0a208bae36 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -343,6 +343,13 @@ static NTSTATUS cli_pipe_get_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *p return NT_STATUS_BUFFER_TOO_SMALL; } + if (prhdr->frag_len > cli->max_recv_frag) { + DEBUG(0, ("cli_pipe_get_current_pdu: Server sent fraglen %d," + " we only allow %d\n", (int)prhdr->frag_len, + (int)cli->max_recv_frag)); + return NT_STATUS_BUFFER_TOO_SMALL; + } + /* Ensure we have frag_len bytes of data. */ if (current_pdu_len < prhdr->frag_len) { if (!rpc_grow_buffer(current_pdu, prhdr->frag_len)) { @@ -2938,6 +2945,9 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, result->srv_name_slash = talloc_asprintf_strupper_m( result, "\\\\%s", result->desthost); + result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN; + result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN; + if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) { TALLOC_FREE(result); return NT_STATUS_NO_MEMORY; |