authorVolker Lendecke <vl@samba.org>2009-11-14 11:12:50 +0100
committerVolker Lendecke <vl@samba.org>2009-11-14 12:20:12 +0100
commitf4cf1c56a20916018c9a6513754b0b08c24c9d04 (patch)
tree959d0658b45497e77b0a3b9071f5c8761dff5e51 /source3/libsmb/clitrans.c
parent4a777ec4d709d2fce2378b7b4d740aa73c32e73b (diff)
s3: Add min_setup, min_param and min_data to cli_trans_recv
Every caller that expects to receive something needs to check if enough was sent. Make this check mandatory for everyone. Yes, this makes the parameter list for cli_trans a bit silly, but that's just the way it is: A silly protocol request :-) While there, convert some _done functions to tevent_req_simple_finish_ntstatus.
Diffstat (limited to 'source3/libsmb/clitrans.c')
-rw-r--r--source3/libsmb/clitrans.c26
1 files changed, 18 insertions, 8 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 98c09ed6e7..ec63bc3b9d 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -1204,9 +1204,12 @@ static void cli_trans_done(struct tevent_req *subreq)
}
NTSTATUS cli_trans_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- uint16_t **setup, uint8_t *num_setup,
- uint8_t **param, uint32_t *num_param,
- uint8_t **data, uint32_t *num_data)
+ uint16_t **setup, uint8_t min_setup,
+ uint8_t *num_setup,
+ uint8_t **param, uint32_t min_param,
+ uint32_t *num_param,
+ uint8_t **data, uint32_t min_data,
+ uint32_t *num_data)
{
struct cli_trans_state *state = tevent_req_data(
req, struct cli_trans_state);
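Review bot: The three new minimums in the cli_trans_recv signature are undocumented, and they do not appear to share a unit. In the check added further down, `min_setup` is compared with `state->num_rsetup`, which next to `uint16_t **setup` looks like a count of 16-bit words, while `min_param` and `min_data` are compared with what look like byte totals. A header comment on the function should say so and name the rejection status, for example `/* min_setup is in 16-bit words, min_param and min_data in bytes; 0 means no lower bound; a shorter reply yields NT_STATUS_INVALID_NETWORK_RESPONSE */`. The same comment is needed for `min_rsetup`, `min_rparam` and `min_rdata` in the cli_trans signature later in the diff, where a caller passing 0 opts out of the check the commit message calls mandatory. The function body continues outside this hunk.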
@@ -1216,6 +1219,12 @@ NTSTATUS cli_trans_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
return status;
}
+ if ((state->num_rsetup < min_setup)
+ || (state->rparam.total < min_param)
+ || (state->rdata.total < min_data)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
if (setup != NULL) {
*setup = talloc_move(mem_ctx, &state->rsetup);
*num_setup = state->num_rsetup;
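Review bot: The added lower-bound check relies on `state->rparam.total` and `state->rdata.total`, and nothing visible in this hunk shows that those fields equal the number of bytes actually held in the buffers handed to the caller. If `total` were the size announced by the peer rather than the amount received, a reply could pass the check while the buffer is shorter than `min_param` or `min_data`, and callers that rely on the minimum would read past it. Presumably the request only completes once everything announced has arrived; a short comment above the check would make that invariant reviewable here, for example `/* request completion guarantees the full rparam/rdata totals were received */`. The function continues past the end of this hunk, so the param and data hand-off is not visible.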
@@ -1247,9 +1256,9 @@ NTSTATUS cli_trans(TALLOC_CTX *mem_ctx, struct cli_state *cli,
uint16_t *setup, uint8_t num_setup, uint8_t max_setup,
uint8_t *param, uint32_t num_param, uint32_t max_param,
uint8_t *data, uint32_t num_data, uint32_t max_data,
- uint16_t **rsetup, uint8_t *num_rsetup,
- uint8_t **rparam, uint32_t *num_rparam,
- uint8_t **rdata, uint32_t *num_rdata)
+ uint16_t **rsetup, uint8_t min_rsetup, uint8_t *num_rsetup,
+ uint8_t **rparam, uint32_t min_rparam, uint32_t *num_rparam,
+ uint8_t **rdata, uint32_t min_rdata, uint32_t *num_rdata)
{
TALLOC_CTX *frame = talloc_stackframe();
struct event_context *ev;
@@ -1285,8 +1294,9 @@ NTSTATUS cli_trans(TALLOC_CTX *mem_ctx, struct cli_state *cli,
goto fail;
}
- status = cli_trans_recv(req, mem_ctx, rsetup, num_rsetup,
- rparam, num_rparam, rdata, num_rdata);
+ status = cli_trans_recv(req, mem_ctx, rsetup, min_rsetup, num_rsetup,
+ rparam, min_rparam, num_rparam,
+ rdata, min_rdata, num_rdata);
fail:
TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(status)) {