summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-09-14 13:04:28 +0200
committerStefan Metzmacher <metze@samba.org>2011-09-14 15:53:36 +0200
commit563fa741f6a34a1300c81a8474ca87346a9f5cca (patch)
treef1e0fdd7dcc748ea40fdcb1b85ba5ed06376eabb /source3/smbd
parentaf7653c0348a9950c629fee7fdab75237d81a82e (diff)
downloadsamba-563fa741f6a34a1300c81a8474ca87346a9f5cca.tar.gz
samba-563fa741f6a34a1300c81a8474ca87346a9f5cca.tar.bz2
samba-563fa741f6a34a1300c81a8474ca87346a9f5cca.zip
s3:smb2_server: SMB2_OP_GETINFO doesn't require at least 1 dyn byte
metze
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/smb2_server.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 8fbbbc0502..d1b7ac5ce1 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1253,9 +1253,12 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
NTSTATUS smbd_smb2_request_verify_sizes(struct smbd_smb2_request *req,
size_t expected_body_size)
{
+ const uint8_t *inhdr;
+ uint16_t opcode;
const uint8_t *inbody;
int i = req->current_idx;
size_t body_size;
+ size_t min_dyn_size = expected_body_size & 0x00000001;
/*
* The following should be checked already.
@@ -1270,6 +1273,15 @@ NTSTATUS smbd_smb2_request_verify_sizes(struct smbd_smb2_request *req,
return NT_STATUS_INTERNAL_ERROR;
}
+ inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
+ opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
+
+ switch (opcode) {
+ case SMB2_OP_GETINFO:
+ min_dyn_size = 0;
+ break;
+ }
+
/*
* Now check the expected body size,
* where the last byte might be in the
@@ -1278,7 +1290,7 @@ NTSTATUS smbd_smb2_request_verify_sizes(struct smbd_smb2_request *req,
if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
return NT_STATUS_INVALID_PARAMETER;
}
- if (req->in.vector[i+2].iov_len < (expected_body_size & 0x00000001)) {
+ if (req->in.vector[i+2].iov_len < min_dyn_size) {
return NT_STATUS_INVALID_PARAMETER;
}