summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-11-17 00:48:24 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:46:22 -0500
commit94ae534128a28e7a3f2f4124283bd8c1acbff6d7 (patch)
tree5dd40b5756671c2420c8c2c57d697d7112a58dea
parent1c71db99aa78f489a66d58e1116884c23b0c10f8 (diff)
downloadsamba-94ae534128a28e7a3f2f4124283bd8c1acbff6d7.tar.gz
samba-94ae534128a28e7a3f2f4124283bd8c1acbff6d7.tar.bz2
samba-94ae534128a28e7a3f2f4124283bd8c1acbff6d7.zip
r11752: setup the dynamic pointer for incoming packets too
(This used to be commit 583f3c415ea33ddf5f4065a66f6fae49ab48455e)
-rw-r--r--source4/libcli/smb2/smb2.h2
-rw-r--r--source4/libcli/smb2/transport.c14
2 files changed, 15 insertions, 1 deletions
diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h
index 47dd6fd272..0ff8b87143 100644
--- a/source4/libcli/smb2/smb2.h
+++ b/source4/libcli/smb2/smb2.h
@@ -138,7 +138,7 @@ struct smb2_request {
};
-#define SMB2_MIN_SIZE 0x40
+#define SMB2_MIN_SIZE 0x42
/* offsets into header elements */
#define SMB2_HDR_LENGTH 0x04
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
index 04ebb88d4e..04767fa634 100644
--- a/source4/libcli/smb2/transport.c
+++ b/source4/libcli/smb2/transport.c
@@ -148,6 +148,8 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
int len;
struct smb2_request *req = NULL;
uint64_t seqnum;
+ uint16_t buffer_code;
+ uint32_t dynamic_size;
buffer = blob.data;
len = blob.length;
@@ -183,6 +185,18 @@ static NTSTATUS smb2_transport_finish_recv(void *private, DATA_BLOB blob)
req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE);
req->status = NT_STATUS(IVAL(hdr, SMB2_HDR_STATUS));
+ buffer_code = SVAL(req->in.body, 0);
+ req->in.dynamic = NULL;
+ dynamic_size = req->in.body_size - (buffer_code & ~1);
+ if (dynamic_size != 0 && (buffer_code & 1)) {
+ req->in.dynamic = req->in.body + (buffer_code & ~1);
+ if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) {
+ DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n",
+ dynamic_size));
+ goto error;
+ }
+ }
+
DEBUG(2, ("SMB2 RECV seqnum=0x%llx\n", req->seqnum));
dump_data(5, req->in.body, req->in.body_size);