diff options
| author | Stefan Metzmacher <metze@samba.org> | 2012-08-05 20:48:51 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-08-06 20:02:32 +0200 |
| commit | fbd663c1437c104e9bc7f8f51fdef3747a111935 (patch) | |
| tree | fc30fa3c5cb7729f9c0c5a37d2dac9d0cd45003d /source3/smbd | |
| parent | 9e9d784def6f0465075e0f0ce6243daaab277d90 (diff) | |
| download | samba-fbd663c1437c104e9bc7f8f51fdef3747a111935.tar.gz samba-fbd663c1437c104e9bc7f8f51fdef3747a111935.tar.bz2 samba-fbd663c1437c104e9bc7f8f51fdef3747a111935.zip | |
s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_create()
metze
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/smb2_server.c | 43 |
1 files changed, 15 insertions, 28 deletions
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 7334f93f90..7002479246 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -285,15 +285,16 @@ inval: } static NTSTATUS smbd_smb2_request_create(struct smbd_server_connection *sconn, - const uint8_t *inbuf, size_t size, + uint8_t *inbuf, size_t size, struct smbd_smb2_request **_req) { struct smbd_smb2_request *req; uint32_t protocol_version; const uint8_t *inhdr = NULL; - off_t ofs = 0; uint16_t cmd; uint32_t next_command_ofs; + NTSTATUS status; + NTTIME now; if (size < (4 + SMB2_HDR_BODY + 2)) { DEBUG(0,("Invalid SMB2 packet length count %ld\n", (long)size)); @@ -331,36 +332,22 @@ static NTSTATUS smbd_smb2_request_create(struct smbd_server_connection *sconn, talloc_steal(req, inbuf); - req->in.vector = talloc_array(req, struct iovec, 4); - if (req->in.vector == NULL) { - TALLOC_FREE(req); - return NT_STATUS_NO_MEMORY; - } - req->in.vector_count = 4; - memcpy(req->in.nbt_hdr, inbuf, 4); - ofs = 0; - req->in.vector[0].iov_base = discard_const_p(void, req->in.nbt_hdr); - req->in.vector[0].iov_len = 4; - ofs += req->in.vector[0].iov_len; - - req->in.vector[1].iov_base = discard_const_p(void, (inbuf + ofs)); - req->in.vector[1].iov_len = SMB2_HDR_BODY; - ofs += req->in.vector[1].iov_len; - - req->in.vector[2].iov_base = discard_const_p(void, (inbuf + ofs)); - req->in.vector[2].iov_len = SVAL(inbuf, ofs) & 0xFFFE; - ofs += req->in.vector[2].iov_len; - - if (ofs > size) { - return NT_STATUS_INVALID_PARAMETER; + req->request_time = timeval_current(); + now = timeval_to_nttime(&req->request_time); + + status = smbd_smb2_inbuf_parse_compound(sconn->conn, + now, + inbuf + NBT_HDR_SIZE, + size - NBT_HDR_SIZE, + req, &req->in.vector, + &req->in.vector_count); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(req); + return status; } - req->in.vector[3].iov_base = discard_const_p(void, (inbuf + ofs)); - req->in.vector[3].iov_len = size - ofs; - ofs += req->in.vector[3].iov_len; - req->current_idx = 1; *_req = req; |