diff options
author | Volker Lendecke <vlendec@samba.org> | 2007-08-10 21:33:58 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:29:28 -0500 |
commit | d465b468c1bd1e43fc1bf1622415ed98dafa6627 (patch) | |
tree | ab21890d7c64946106fc70d43a78a60cc40be303 /source3/smbd | |
parent | c898c519843e9bca4104e1414d9f5e0dbad77950 (diff) | |
download | samba-d465b468c1bd1e43fc1bf1622415ed98dafa6627.tar.gz samba-d465b468c1bd1e43fc1bf1622415ed98dafa6627.tar.bz2 samba-d465b468c1bd1e43fc1bf1622415ed98dafa6627.zip |
r24319: Check wct in reply_read_and_X
(This used to be commit 9ddacdfa131c4a4a852b3d30db1ee22d1852d0c2)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/reply.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index c02bbc8719..3e35c0064b 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2860,10 +2860,10 @@ normal_read: int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize) { - files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv2)); - SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3); + files_struct *fsp; + SMB_OFF_T startpos; ssize_t nread = -1; - size_t smb_maxcnt = SVAL(inbuf,smb_vwv5); + size_t smb_maxcnt; BOOL big_readX = False; #if 0 size_t smb_mincnt = SVAL(inbuf,smb_vwv6); @@ -2871,6 +2871,14 @@ int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt START_PROFILE(SMBreadX); + if ((CVAL(inbuf, smb_wct) != 10) && (CVAL(inbuf, smb_wct) != 12)) { + return ERROR_NT(NT_STATUS_INVALID_PARAMETER); + } + + fsp = file_fsp(SVAL(inbuf,smb_vwv2)); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3); + smb_maxcnt = SVAL(inbuf,smb_vwv5); + /* If it's an IPC, pass off the pipe handler. */ if (IS_IPC(conn)) { END_PROFILE(SMBreadX); |