diff options
author | Simo Sorce <idra@samba.org> | 2010-07-14 16:15:13 -0400 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-07-16 01:51:17 +0200 |
commit | cc15396c8a70270d4c85055111e58d71f5c96dd6 (patch) | |
tree | e4b6665f3b9efb484cc624e865fdf16603a3d31d | |
parent | 79c207ed62ef661add5d48ea898b7a415a9c17d9 (diff) | |
download | samba-cc15396c8a70270d4c85055111e58d71f5c96dd6.tar.gz samba-cc15396c8a70270d4c85055111e58d71f5c96dd6.tar.bz2 samba-cc15396c8a70270d4c85055111e58d71f5c96dd6.zip |
s3-dcerpc: Read a pdu in 2 steps, header first the payload
We can't really cope with receiving more data than expected anyway
as there is code that checks if the size of the buffer is consistent with
pkt->frag_length and throws an error if not.
Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 26 |
1 files changed, 8 insertions, 18 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 60dd22d3a0..005f19307e 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1125,21 +1125,13 @@ static NTSTATUS cli_pipe_reset_current_pdu(struct rpc_pipe_client *cli, /* * Oh no ! More data in buffer than we processed in current pdu. - * Cheat. Move the data down and shrink the buffer. + * This shouldn't happen, we only read exactly pkt->frag_length. + * Something is wrong here, throw an error. */ - memcpy(prs_data_p(current_pdu), prs_data_p(current_pdu) + pkt->frag_length, - current_pdu_len - pkt->frag_length); - - /* Remember to set the read offset back to zero. */ - prs_set_offset(current_pdu, 0); - - /* Shrink the buffer. */ - if (!prs_set_buffer_size(current_pdu, current_pdu_len - pkt->frag_length)) { - return NT_STATUS_BUFFER_TOO_SMALL; - } - - return NT_STATUS_OK; + DEBUG(0, ("Data buffer size (%u) and pkt->frag_length (%u) differ\n!", + (unsigned)current_pdu_len, (unsigned)pkt->frag_length)); + return NT_STATUS_INVALID_BUFFER_SIZE; } /**************************************************************************** @@ -1378,11 +1370,9 @@ static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx, DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(talloc_tos(), cli))); - max_recv_frag = cli->max_recv_frag; - -#if 0 - max_recv_frag = RPC_HEADER_LEN + 10 + (sys_random() % 32); -#endif + /* get the header first, then fetch the rest once we have + * the frag_length available */ + max_recv_frag = RPC_HEADER_LEN; subreq = cli_api_pipe_send(state, ev, cli->transport, (uint8_t *)prs_data_p(data), |