diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-09-14 13:04:28 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-09-14 15:53:36 +0200 |
commit | 563fa741f6a34a1300c81a8474ca87346a9f5cca (patch) | |
tree | f1e0fdd7dcc748ea40fdcb1b85ba5ed06376eabb /source3/smbd | |
parent | af7653c0348a9950c629fee7fdab75237d81a82e (diff) | |
download | samba-563fa741f6a34a1300c81a8474ca87346a9f5cca.tar.gz samba-563fa741f6a34a1300c81a8474ca87346a9f5cca.tar.bz2 samba-563fa741f6a34a1300c81a8474ca87346a9f5cca.zip |
s3:smb2_server: SMB2_OP_GETINFO doesn't require at least 1 dyn byte
metze
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/smb2_server.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 8fbbbc0502..d1b7ac5ce1 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1253,9 +1253,12 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req) NTSTATUS smbd_smb2_request_verify_sizes(struct smbd_smb2_request *req, size_t expected_body_size) { + const uint8_t *inhdr; + uint16_t opcode; const uint8_t *inbody; int i = req->current_idx; size_t body_size; + size_t min_dyn_size = expected_body_size & 0x00000001; /* * The following should be checked already. @@ -1270,6 +1273,15 @@ NTSTATUS smbd_smb2_request_verify_sizes(struct smbd_smb2_request *req, return NT_STATUS_INTERNAL_ERROR; } + inhdr = (const uint8_t *)req->in.vector[i+0].iov_base; + opcode = SVAL(inhdr, SMB2_HDR_OPCODE); + + switch (opcode) { + case SMB2_OP_GETINFO: + min_dyn_size = 0; + break; + } + /* * Now check the expected body size, * where the last byte might be in the @@ -1278,7 +1290,7 @@ NTSTATUS smbd_smb2_request_verify_sizes(struct smbd_smb2_request *req, if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) { return NT_STATUS_INVALID_PARAMETER; } - if (req->in.vector[i+2].iov_len < (expected_body_size & 0x00000001)) { + if (req->in.vector[i+2].iov_len < min_dyn_size) { return NT_STATUS_INVALID_PARAMETER; } |