author | Stefan Metzmacher <metze@samba.org> | 2011-09-17 21:13:58 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-09-18 05:33:10 +0200 |
commit | 820915775886a7cfbac1f0c65cbf151d01d82146 (patch) | |
tree | 5e25d694b60ea01ebd01125dc022dbb6ebed3024 | |
parent | 270e88f4ff72ce1bd8dcd5e653df43d516951837 (diff) | |
s3:smb2cli: validate the opcode from the server is as expected
metze
-rw-r--r-- | source3/libsmb/smb2cli_base.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/source3/libsmb/smb2cli_base.c b/source3/libsmb/smb2cli_base.c
index 94c518fe3a..aff59e4212 100644
--- a/source3/libsmb/smb2cli_base.c
+++ b/source3/libsmb/smb2cli_base.c
@@ -547,9 +547,11 @@ static void smb2cli_inbuf_received(struct tevent_req *subreq)
 uint8_t *inbuf_ref = NULL;
 struct iovec *cur = &iov[i];
 uint8_t *inhdr = (uint8_t *)cur[0].iov_base;
+ uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
+ uint64_t mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
+ uint16_t req_opcode;
- req = cli_smb2_find_pending(
- cli, BVAL(inhdr, SMB2_HDR_MESSAGE_ID));
+ req = cli_smb2_find_pending(cli, mid);
 if (req == NULL) {
 /*
 * TODO: handle oplock breaks and async responses
@@ -564,9 +566,18 @@ static void smb2cli_inbuf_received(struct tevent_req *subreq)
 TALLOC_FREE(frame);
 return;
 }
- smb2cli_req_unset_pending(req);
 state = tevent_req_data(req, struct smb2cli_req_state);
+ req_opcode = SVAL(state->hdr, SMB2_HDR_OPCODE);
+ if (opcode != req_opcode) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ smb2cli_notify_pending(cli, status);
+ TALLOC_FREE(frame);
+ return;
+ }
+
+ smb2cli_req_unset_pending(req);
+
 /*
 * There might be more than one response
 * we need to defer the notifications |
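Review bot: The mismatch branch in the second hunk (`if (opcode != req_opcode)`) fails every pending request with NT_STATUS_INVALID_NETWORK_RESPONSE but records nothing about what the server actually sent, so a buggy or hostile server that triggers it leaves no trace for whoever has to diagnose the dropped requests. I would log both opcodes and the message id before notifying, e.g. `DEBUG(1, ("smb2cli: opcode mismatch mid=%llu got=0x%04x expected=0x%04x\n", (unsigned long long)mid, (unsigned)opcode, (unsigned)req_opcode));`. Moving `smb2cli_req_unset_pending(req)` below the check looks deliberate, presumably so that smb2cli_notify_pending() still reaches this request, and a short comment saying so would keep it from being moved back. The body of smb2cli_inbuf_received starts and ends outside both hunks.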