summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2009-01-14 12:58:13 +0100
committerVolker Lendecke <vl@samba.org>2009-01-14 17:08:39 +0100
commit274f575b2419800ef1a69f303088711eebb73b1a (patch)
tree4b19a5226c16bc3f5d2ffafe2deb67294f901199
parent583d7913c8a74b9dfe31cf39446f6cddbd077636 (diff)
downloadsamba-274f575b2419800ef1a69f303088711eebb73b1a.tar.gz
samba-274f575b2419800ef1a69f303088711eebb73b1a.tar.bz2
samba-274f575b2419800ef1a69f303088711eebb73b1a.zip
Check the fragment size the server has sent us
-rw-r--r--source3/rpc_client/cli_pipe.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index bc0d163aa0..0a208bae36 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -343,6 +343,13 @@ static NTSTATUS cli_pipe_get_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *p
return NT_STATUS_BUFFER_TOO_SMALL;
}
+ if (prhdr->frag_len > cli->max_recv_frag) {
+ DEBUG(0, ("cli_pipe_get_current_pdu: Server sent fraglen %d,"
+ " we only allow %d\n", (int)prhdr->frag_len,
+ (int)cli->max_recv_frag));
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
/* Ensure we have frag_len bytes of data. */
if (current_pdu_len < prhdr->frag_len) {
if (!rpc_grow_buffer(current_pdu, prhdr->frag_len)) {
@@ -2938,6 +2945,9 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
result->srv_name_slash = talloc_asprintf_strupper_m(
result, "\\\\%s", result->desthost);
+ result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+ result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
+
if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;