summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-04-06 16:31:26 -0700
committerJeremy Allison <jra@samba.org>2010-04-06 16:31:26 -0700
commit3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd (patch)
tree45ffc33abe694a902ca2cf5b20e613d753a0a2bd
parent9c410118cb8b53a6a7194b6768f433cac056e4d2 (diff)
downloadsamba-3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd.tar.gz
samba-3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd.tar.bz2
samba-3d113a6ffb91ccc760015b8ef74cc4ba4cbdf5fd.zip
Ensure we total up the correct number of creds requested in a compound request.
-rw-r--r--source3/smbd/smb2_server.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index c64f82f407..7fd3ef4034 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -249,6 +249,7 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req,
}
for (idx=1; idx < count; idx += 3) {
+ uint16_t creds_requested = 0;
const uint8_t *inhdr = NULL;
uint32_t flags;
@@ -267,7 +268,12 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req,
return NT_STATUS_INVALID_PARAMETER;
}
- *p_creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
+ creds_requested = SVAL(inhdr, SMB2_HDR_CREDIT);
+ if (*p_creds_requested + creds_requested < creds_requested) {
+ *p_creds_requested = 65535;
+ } else {
+ *p_creds_requested += creds_requested;
+ }
flags = IVAL(inhdr, SMB2_HDR_FLAGS);
if (idx == 1) {