diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-11-17 00:48:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:46:22 -0500 |
commit | 94ae534128a28e7a3f2f4124283bd8c1acbff6d7 (patch) | |
tree | 5dd40b5756671c2420c8c2c57d697d7112a58dea | |
parent | 1c71db99aa78f489a66d58e1116884c23b0c10f8 (diff) | |
download | samba-94ae534128a28e7a3f2f4124283bd8c1acbff6d7.tar.gz samba-94ae534128a28e7a3f2f4124283bd8c1acbff6d7.tar.bz2 samba-94ae534128a28e7a3f2f4124283bd8c1acbff6d7.zip |
r11752: setup the dynamic pointer for incoming packets too
(This used to be commit 583f3c415ea33ddf5f4065a66f6fae49ab48455e)
-rw-r--r-- | source4/libcli/smb2/smb2.h | 2 | ||||
-rw-r--r-- | source4/libcli/smb2/transport.c | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index 47dd6fd272..0ff8b87143 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -138,7 +138,7 @@ struct smb2_request { }; -#define SMB2_MIN_SIZE 0x40 +#define SMB2_MIN_SIZE 0x42 /* offsets into header elements */ #define SMB2_HDR_LENGTH 0x04 diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c index 04ebb88d4e..04767fa634 100644 --- a/source4/libcli/smb2/transport.c +++ b/source4/libcli/smb2/transport.c @@ -148,6 +148,8 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob) int len; struct smb2_request *req = NULL; uint64_t seqnum; + uint16_t buffer_code; + uint32_t dynamic_size; buffer = blob.data; len = blob.length; @@ -183,6 +185,18 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob) req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE); req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS)); + buffer_code = SVAL(req->in.body, 0); + req->in.dynamic = NULL; + dynamic_size = req->in.body_size - (buffer_code & ~1); + if (dynamic_size != 0 && (buffer_code & 1)) { + req->in.dynamic = req->in.body + (buffer_code & ~1); + if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) { + DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n", + dynamic_size)); + goto error; + } + } + DEBUG(2, ("SMB2 RECV seqnum=0x%llx\n", req->seqnum)); dump_data(5, req->in.body, req->in.body_size); |