summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2013-04-01 20:11:26 -0700
committerRichard Sharpe <sharpe@samba.org>2013-04-02 07:28:48 +0200
commit5530cc4816534d64d50403c266616633db8202cc (patch)
tree471b414876f026cfad734a075b86636e02af408b /source3/smbd
parent7fd926fcdcb92a8e1e2b0c29371f2eb2ae4057df (diff)
downloadsamba-5530cc4816534d64d50403c266616633db8202cc.tar.gz
samba-5530cc4816534d64d50403c266616633db8202cc.tar.bz2
samba-5530cc4816534d64d50403c266616633db8202cc.zip
Fix bad SMB2 opcode reading in server.
SMB2 opcodes are 16-bit values. We should *never* be reading them with IVAL(inhdr, SMB2_HDR_OPCODE), it should always be SVAL(inhdr, SMB2_HDR_OPCODE). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Tue Apr 2 07:28:48 CEST 2013 on sn-devel-104
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/smb2_server.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f486236897..eb7059ed9b 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -632,7 +632,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn,
const uint8_t *inhdr)
{
uint64_t message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
- uint16_t opcode = IVAL(inhdr, SMB2_HDR_OPCODE);
+ uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
uint16_t credit_charge = 1;
uint64_t i;
@@ -1416,7 +1416,7 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
DEBUG(10,("smbd_smb2_request_pending_queue: opcode[%s] mid %llu "
"going async\n",
- smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)),
+ smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)),
(unsigned long long)async_id ));
/*
@@ -1621,7 +1621,7 @@ static NTSTATUS smbd_smb2_request_process_cancel(struct smbd_smb2_request *req)
inhdr = SMBD_SMB2_IN_HDR_PTR(cur);
DEBUG(10,("smbd_smb2_request_process_cancel: attempting to "
"cancel opcode[%s] mid %llu\n",
- smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)),
+ smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)),
(unsigned long long)found_id ));
tevent_req_cancel(cur->subreq);
}
@@ -1699,7 +1699,7 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
inhdr = SMBD_SMB2_IN_HDR_PTR(req);
in_flags = IVAL(inhdr, SMB2_HDR_FLAGS);
- in_opcode = IVAL(inhdr, SMB2_HDR_OPCODE);
+ in_opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
if (in_flags & SMB2_HDR_FLAG_CHAINED) {
@@ -1870,7 +1870,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
/* TODO: verify more things */
flags = IVAL(inhdr, SMB2_HDR_FLAGS);
- opcode = IVAL(inhdr, SMB2_HDR_OPCODE);
+ opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
DEBUG(10,("smbd_smb2_request_dispatch: opcode[%s] mid = %llu\n",
smb2_opcode_name(opcode),