diff options
| author | Jeremy Allison <jra@samba.org> | 2010-04-06 16:31:26 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-04-06 16:31:26 -0700 |
| commit | 3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd (patch) | |
| tree | 45ffc33abe694a902ca2cf5b20e613d753a0a2bd | |
| parent | 9c410118cb8b53a6a7194b6768f433cac056e4d2 (diff) | |
| download | samba-3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd.tar.gz samba-3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd.tar.bz2 samba-3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd.zip | |
Ensure we total up the correct number of creds requested in a compound request.
| -rw-r--r-- | source3/smbd/smb2_server.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index c64f82f407..7fd3ef4034 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -249,6 +249,7 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req, } for (idx=1; idx < count; idx += 3) { + uint16_t creds_requested = 0; const uint8_t *inhdr = NULL; uint32_t flags; @@ -267,7 +268,12 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req, return NT_STATUS_INVALID_PARAMETER; } - *p_creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT); + creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT); + if (*p_creds_requested + creds_requested < creds_requested) { + *p_creds_requested = 65535; + } else { + *p_creds_requested += creds_requested; + } flags = IVAL(inhdr, SMB2_HDR_FLAGS); if (idx == 1) { |