authorStefan Metzmacher <metze@samba.org>2009-06-09 19:32:30 +0200
committerStefan Metzmacher <metze@samba.org>2009-06-09 19:33:46 +0200
commit8d9588390822745ad43f0df82b29704234c760b9 (patch)
treeebfbeb4f83f0a78476ff713f68888e710c99b2d4
parentebf5523b6e2ae00d820d2c2d31c2f24aab020f91 (diff)
s4:smb2srv: don't allow the related flag on the first request in a compounded chain
metze
-rw-r--r--source4/smb_server/smb2/receive.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 16f888b0a6..5ac01dcb7c 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -470,6 +470,7 @@ NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
uint32_t protocol_version;
uint16_t buffer_code;
uint32_t dynamic_size;
+ uint32_t flags;
smb_conn->statistics.last_request_time = cur_time;
@@ -543,6 +544,12 @@ NTSTATUS smbsrv_recv_smb2_request(void *private_data, DATA_BLOB blob)
* - make sure it's a request
*/
+ flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+ /* the first request should never have the related flag set */
+ if (flags & SMB2_HDR_FLAG_CHAINED) {
+ req->chain_status = NT_STATUS_INVALID_PARAMETER;
+ }
+
return smb2srv_reply(req);
}
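Review bot: The added check only records `NT_STATUS_INVALID_PARAMETER` in `req->chain_status` and then falls through to `smb2srv_reply(req)`, so the malformed first request is rejected only if that function tests `chain_status` before it dispatches the opcode; that test is not visible in this hunk and should be confirmed. If it holds, the comment should say so, for example `/* first request must not carry the related (SMB2_HDR_FLAG_CHAINED) flag; smb2srv_reply() fails it from chain_status */`, which also ties the word "related" to the constant that is actually tested. The comment block just above still lists "make sure it's a request", which suggests the remaining header flags read by the new `IVAL` are not yet validated here. smbsrv_recv_smb2_request starts outside the hunk.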