authorStefan Metzmacher <metze@samba.org>2011-09-17 21:13:58 +0200
committerStefan Metzmacher <metze@samba.org>2011-09-18 05:33:10 +0200
commit820915775886a7cfbac1f0c65cbf151d01d82146 (patch)
tree5e25d694b60ea01ebd01125dc022dbb6ebed3024
parent270e88f4ff72ce1bd8dcd5e653df43d516951837 (diff)
s3:smb2cli: validate the opcode from the server is as expected
metze
-rw-r--r--source3/libsmb/smb2cli_base.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/source3/libsmb/smb2cli_base.c b/source3/libsmb/smb2cli_base.c
index 94c518fe3a..aff59e4212 100644
--- a/source3/libsmb/smb2cli_base.c
+++ b/source3/libsmb/smb2cli_base.c
@@ -547,9 +547,11 @@ static void smb2cli_inbuf_received(struct tevent_req *subreq)
uint8_t *inbuf_ref = NULL;
struct iovec *cur = &iov[i];
uint8_t *inhdr = (uint8_t *)cur[0].iov_base;
+ uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
+ uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
+ uint16_t req_opcode;
- req = cli_smb2_find_pending(
- cli, BVAL(inhdr, SMB2_HDR_MESSAGE_ID));
+ req = cli_smb2_find_pending(cli, mid);
if (req == NULL) {
/*
* TODO: handle oplock breaks and async responses
@@ -564,9 +566,18 @@ static void smb2cli_inbuf_received(struct tevent_req *subreq)
TALLOC_FREE(frame);
return;
}
- smb2cli_req_unset_pending(req);
state = tevent_req_data(req, struct smb2cli_req_state);
+ req_opcode = SVAL(state->hdr, SMB2_HDR_OPCODE);
+ if (opcode != req_opcode) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ smb2cli_notify_pending(cli, status);
+ TALLOC_FREE(frame);
+ return;
+ }
+
+ smb2cli_req_unset_pending(req);
+
/*
* There might be more than one response
* we need to defer the notifications
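Review bot: The new mismatch branch (`if (opcode != req_opcode)`) fails every pending request with NT_STATUS_INVALID_NETWORK_RESPONSE but records nothing about what the server sent, so a misbehaving or hostile server looks the same in the logs as any other transport failure. Consider logging before the notify, e.g. `DEBUG(1, ("smb2cli: mid %llu: got opcode 0x%04x, expected 0x%04x\n", (unsigned long long)mid, opcode, req_opcode));`. Moving `smb2cli_req_unset_pending(req)` below the check also deserves a one-line comment such as `/* keep req pending until validated so smb2cli_notify_pending() also fails it */`; that is presumably the reason for the move, but the body of smb2cli_notify_pending is not visible here. Only the opcode is compared, and whether other server-controlled header fields are validated elsewhere in smb2cli_inbuf_received cannot be told from this hunk, since the function starts and ends outside it.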