authorDavid Disseldorp <ddiss@suse.de>2011-09-28 14:45:42 +0200
committerDavid Disseldorp <ddiss@samba.org>2011-09-29 13:14:21 +0200
commitdbcd59f46b0d2125dfb6eb82b3d92be228c6ae4b (patch)
treee225e4ee139d4730b9a11d9485d9853b3bb311f4 /source3/smbd
parent18482957daa2e2122ef39426a8fff167df3c9377 (diff)
downloadsamba-dbcd59f46b0d2125dfb6eb82b3d92be228c6ae4b.tar.gz
samba-dbcd59f46b0d2125dfb6eb82b3d92be228c6ae4b.tar.bz2
samba-dbcd59f46b0d2125dfb6eb82b3d92be228c6ae4b.zip
s3-smb2_server: fix ioctl InputOffset checking
Currently the InputOffset is always checked to point to the input data buffer, regardless of whether input data is present. Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/smb2_ioctl.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c
index 491c3fd9cc..5a766e1b1a 100644
--- a/source3/smbd/smb2_ioctl.c
+++ b/source3/smbd/smb2_ioctl.c
@@ -68,7 +68,16 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req)
in_max_output_length = IVAL(inbody, 0x2C);
in_flags = IVAL(inbody, 0x30);
- if (in_input_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
+ /*
+ * InputOffset (4 bytes): The offset, in bytes, from the beginning of
+ * the SMB2 header to the input data buffer. If no input data is
+ * required for the FSCTL/IOCTL command being issued, the client SHOULD
+ * set this value to 0.<49>
+ * <49> If no input data is required for the FSCTL/IOCTL command being
+ * issued, Windows-based clients set this field to any value.
+ */
+ if ((in_input_length > 0)
+ && (in_input_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len))) {
return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
}
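Review bot: With the new `in_input_length > 0` guard on the `if`, a request with no input data is accepted with any InputOffset, so `in_input_offset` is unvalidated client-supplied data from this point on whenever the length is zero. The rest of smbd_smb2_request_process_ioctl lies outside the hunk, so I cannot see whether the offset is read again; if it is, that use needs the same length gate, and `in_input_length` itself should still be bounded against the received input buffer before any copy. I would record that in the comment, for example `* NOTE: in_input_offset is only validated when in_input_length > 0; do not use it otherwise.` The quoted protocol text also has no source reference, and footnote numbers such as <49> shift between document revisions, so a leading line like `* [MS-SMB2] 2.2.31 SMB2 IOCTL Request:` would keep it traceable.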