summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2010-02-20 09:08:16 +0100
committerStefan Metzmacher <metze@samba.org>2010-02-24 11:55:36 +0100
commit911287285cc4c8485b75edfad3c1ece901a69b0b (patch)
tree6f0517afeb378ac6b925ae1e56446a38e852e280 /source3
parent1b78573c2d70b896e1ed3853f596e34523f6f227 (diff)
downloadsamba-911287285cc4c8485b75edfad3c1ece901a69b0b.tar.gz
samba-911287285cc4c8485b75edfad3c1ece901a69b0b.tar.bz2
samba-911287285cc4c8485b75edfad3c1ece901a69b0b.zip
s3:rpc_transport_np: handle trans rdata like the output of a normal read
Inspired by bug #7159. metze
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_client/rpc_transport_np.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c
index 623a8b37cf..de734fe17d 100644
--- a/source3/rpc_client/rpc_transport_np.c
+++ b/source3/rpc_client/rpc_transport_np.c
@@ -206,6 +206,7 @@ static NTSTATUS rpc_np_read_recv(struct tevent_req *req, ssize_t *preceived)
struct rpc_np_trans_state {
uint16_t setup[2];
+ uint32_t max_rdata_len;
uint8_t *rdata;
uint32_t rdata_len;
};
@@ -228,6 +229,8 @@ static struct tevent_req *rpc_np_trans_send(TALLOC_CTX *mem_ctx,
return NULL;
}
+ state->max_rdata_len = max_rdata_len;
+
SSVAL(state->setup+0, 0, TRANSACT_DCERPCCMD);
SSVAL(state->setup+1, 0, np_transport->fnum);
@@ -257,10 +260,24 @@ static void rpc_np_trans_done(struct tevent_req *subreq)
status = cli_trans_recv(subreq, state, NULL, 0, NULL, NULL, 0, NULL,
&state->rdata, 0, &state->rdata_len);
TALLOC_FREE(subreq);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
+ status = NT_STATUS_OK;
+ }
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
return;
}
+
+ if (state->rdata_len > state->max_rdata_len) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (state->rdata_len == 0) {
+ tevent_req_nterror(req, NT_STATUS_PIPE_BROKEN);
+ return;
+ }
+
tevent_req_done(req);
}