diff options
author | Stefan Metzmacher <metze@samba.org> | 2009-06-09 19:32:30 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2009-06-09 19:33:46 +0200 |
commit | 8d9588390822745ad43f0df82b29704234c760b9 (patch) | |
tree | ebfbeb4f83f0a78476ff713f68888e710c99b2d4 | |
parent | ebf5523b6e2ae00d820d2c2d31c2f24aab020f91 (diff) | |
download | samba-8d9588390822745ad43f0df82b29704234c760b9.tar.gz samba-8d9588390822745ad43f0df82b29704234c760b9.tar.bz2 samba-8d9588390822745ad43f0df82b29704234c760b9.zip |
s4:smb2srv: don't allow the related flag on the first request in a compounded chain
metze
-rw-r--r-- | source4/smb_server/smb2/receive.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index 16f888b0a6..5ac01dcb7c 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -470,6 +470,7 @@ NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob) uint32_t protocol_version; uint16_t buffer_code; uint32_t dynamic_size; + uint32_t flags; smb_conn->statistics.last_request_time = cur_time; @@ -543,6 +544,12 @@ NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob) * - make sure it's a request */ + flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS); + /* the first request should never have the related flag set */ + if (flags & SMB2_HDR_FLAG_CHAINED) { + req->chain_status = NT_STATUS_INVALID_PARAMETER; + } + return smb2srv_reply(req); } |