-rw-r--r--source4/libcli/raw/rawreadwrite.c3
-rw-r--r--source4/libcli/smb2/request.c47
-rw-r--r--source4/smb_server/smb2/fileio.c5
-rw-r--r--source4/smb_server/smb2/find.c5
-rw-r--r--source4/smb_server/smb2/tcon.c5
-rw-r--r--source4/torture/smb2/getinfo.c10
-rw-r--r--source4/torture/smb2/util.c3
7 files changed, 63 insertions, 15 deletions
diff --git a/source4/libcli/raw/rawreadwrite.c b/source4/libcli/raw/rawreadwrite.c
index 2005e36e04..9e4edaf99c 100644
--- a/source4/libcli/raw/rawreadwrite.c
+++ b/source4/libcli/raw/rawreadwrite.c
@@ -171,6 +171,9 @@ NTSTATUS smb_raw_read_recv(struct smbcli_request *req, union smb_read *parms)
parms->readx.out.nread <=
req->in.buffer + req->in.size) {
req->in.data_size += (SVAL(req->in.vwv, VWV(7)) << 16);
+
+ /* update the bufinfo with the new size */
+ smb_setup_bufinfo(req);
}
}
diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c
index 7a0311f886..2471fcaa4d 100644
--- a/source4/libcli/smb2/request.c
+++ b/source4/libcli/smb2/request.c
@@ -206,6 +206,10 @@ bool smb2_request_is_ok(struct smb2_request *req)
*/
bool smb2_oob(struct smb2_request_buffer *buf, const uint8_t *ptr, size_t size)
{
+ if (size == 0) {
+ /* zero bytes is never out of range */
+ return false;
+ }
/* be careful with wraparound! */
if (ptr < buf->body ||
ptr >= buf->body + buf->body_size ||
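Review bot: The new `size == 0` early return in smb2_oob() sits before the `ptr < buf->body` and `ptr >= buf->body + buf->body_size` comparisons, so a zero-length range is reported as in-bounds wherever ptr points. The pull hunks later in this file (the `if (ofs == 0)` changes) now let a wire-supplied non-zero offset with size 0 continue past the early exit, so that offset would no longer be range-checked at all, assuming those functions validate it through smb2_oob() in code outside their hunks. If the goal is only to accept an empty blob positioned at the end of the body, consider `if (size == 0) { return ptr < buf->body || ptr > buf->body + buf->body_size; }`; otherwise extend the comment to say why an unvalidated pointer is acceptable here. The rest of the condition continues outside this hunk.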
@@ -270,7 +274,7 @@ NTSTATUS smb2_pull_o16s16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_
}
ofs = SVAL(ptr, 0);
size = SVAL(ptr, 2);
- if (ofs == 0 || size == 0) {
+ if (ofs == 0) {
*blob = data_blob(NULL, 0);
return NT_STATUS_OK;
}
@@ -310,7 +314,10 @@ NTSTATUS smb2_push_o16s16_blob(struct smb2_request_buffer *buf,
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if (blob.length == 0) {
+ if (blob.data == NULL) {
+ if (blob.length != 0) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
SSVAL(ptr, 0, 0);
SSVAL(ptr, 2, 0);
return NT_STATUS_OK;
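Review bot: The function comment should state the new encoding rule, because the branch no longer keys on length: `blob.data == NULL` writes offset 0 and size 0, while a non-NULL pointer with `length == 0` now falls through to the normal path after this hunk. A suitable addition to the header comment would be `/* blob.data == NULL is pushed as ofs=0,size=0; a zero-length blob with non-NULL data takes the normal path */`. The same four-line guard is repeated in smb2_push_o16s32_blob, smb2_push_o32s32_blob and smb2_push_s32o32_blob, so a small static helper would keep the NULL-with-nonzero-length check in one place. The function body starts and ends outside the hunk.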
@@ -363,7 +370,10 @@ NTSTATUS smb2_push_o16s32_blob(struct smb2_request_buffer *buf,
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if (blob.length == 0) {
+ if (blob.data == NULL) {
+ if (blob.length != 0) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
SSVAL(ptr, 0, 0);
SIVAL(ptr, 2, 0);
return NT_STATUS_OK;
@@ -416,7 +426,10 @@ NTSTATUS smb2_push_o32s32_blob(struct smb2_request_buffer *buf,
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if (blob.length == 0) {
+ if (blob.data == NULL) {
+ if (blob.length != 0) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
SIVAL(ptr, 0, 0);
SIVAL(ptr, 4, 0);
return NT_STATUS_OK;
@@ -469,7 +482,10 @@ NTSTATUS smb2_push_s32o32_blob(struct smb2_request_buffer *buf,
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if (blob.length == 0) {
+ if (blob.data == NULL) {
+ if (blob.length != 0) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
SIVAL(ptr, 0, 0);
SIVAL(ptr, 4, 0);
return NT_STATUS_OK;
@@ -512,7 +528,7 @@ NTSTATUS smb2_pull_o16s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_
}
ofs = SVAL(ptr, 0);
size = IVAL(ptr, 2);
- if (ofs == 0 || size == 0) {
+ if (ofs == 0) {
*blob = data_blob(NULL, 0);
return NT_STATUS_OK;
}
@@ -536,7 +552,7 @@ NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_
}
ofs = IVAL(ptr, 0);
size = IVAL(ptr, 4);
- if (ofs == 0 || size == 0) {
+ if (ofs == 0) {
*blob = data_blob(NULL, 0);
return NT_STATUS_OK;
}
@@ -563,7 +579,7 @@ NTSTATUS smb2_pull_o16As32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem
}
ofs = SVAL(ptr, 0);
size = IVAL(ptr, 4);
- if (ofs == 0 || size == 0) {
+ if (ofs == 0) {
*blob = data_blob(NULL, 0);
return NT_STATUS_OK;
}
@@ -587,7 +603,7 @@ NTSTATUS smb2_pull_s32o32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_
}
size = IVAL(ptr, 0);
ofs = IVAL(ptr, 4);
- if (ofs == 0 || size == 0) {
+ if (ofs == 0) {
*blob = data_blob(NULL, 0);
return NT_STATUS_OK;
}
@@ -614,6 +630,11 @@ NTSTATUS smb2_pull_o16s16_string(struct smb2_request_buffer *buf, TALLOC_CTX *me
status = smb2_pull_o16s16_blob(buf, mem_ctx, ptr, &blob);
NT_STATUS_NOT_OK_RETURN(status);
+ if (blob.data == NULL) {
+ *str = NULL;
+ return NT_STATUS_OK;
+ }
+
if (blob.length == 0) {
char *s;
s = talloc_strdup(mem_ctx, "");
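Review bot: Returning NT_STATUS_OK with `*str = NULL` changes the contract of smb2_pull_o16s16_string(): a peer that sends offset 0 now hands the caller a NULL string, where the zero-length branch below apparently produced an empty string before. This commit adds NULL-to-"" fallbacks in smb2srv_create_recv, smb2srv_find_recv and smb2srv_tcon_recv, but any other caller that passes the result to strlen/strcmp or on to a backend would dereference NULL on remote input, so the remaining callers are worth auditing. I would also record the rule in the function comment, e.g. `/* *str is set to NULL (with NT_STATUS_OK) when the wire offset is 0; callers must handle NULL */`. The function continues outside the hunk.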
@@ -643,10 +664,16 @@ NTSTATUS smb2_push_o16s16_string(struct smb2_request_buffer *buf,
NTSTATUS status;
ssize_t size;
- if (strcmp("", str) == 0) {
+ if (str == NULL) {
return smb2_push_o16s16_blob(buf, ofs, data_blob(NULL, 0));
}
+ if (*str == 0) {
+ blob.data = str;
+ blob.length = 0;
+ return smb2_push_o16s16_blob(buf, ofs, blob);
+ }
+
size = convert_string_talloc(buf->buffer, lp_iconv_convenience(global_loadparm), CH_UNIX, CH_UTF16,
str, strlen(str), (void **)&blob.data);
if (size == -1) {
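Review bot: `blob.data = str;` stores what appears to be a const char pointer (it is passed to strlen() here and was passed to strcmp() before) into the blob's data member. That drops the qualifier and, if data is a uint8_t pointer, mixes pointer types, so it should at least produce a warning. Make the intent explicit with `blob.data = discard_const_p(uint8_t, str);` and a short comment that the pointer serves only as a non-NULL marker and is never written through. The signature is cut off in the hunk header, so the parameter type is inferred.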
diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c
index 567243ba94..0e3df56b42 100644
--- a/source4/smb_server/smb2/fileio.c
+++ b/source4/smb_server/smb2/fileio.c
@@ -80,6 +80,11 @@ void smb2srv_create_recv(struct smb2srv_request *req)
/* TODO: parse the blob */
ZERO_STRUCT(io->smb2.in.eas);
+ /* the VFS backend does not yet handle NULL filenames */
+ if (io->smb2.in.fname == NULL) {
+ io->smb2.in.fname = "";
+ }
+
SMB2SRV_CALL_NTVFS_BACKEND(ntvfs_open(req->ntvfs, io));
}
diff --git a/source4/smb_server/smb2/find.c b/source4/smb_server/smb2/find.c
index c594adf7a0..6018f1958f 100644
--- a/source4/smb_server/smb2/find.c
+++ b/source4/smb_server/smb2/find.c
@@ -161,6 +161,11 @@ void smb2srv_find_recv(struct smb2srv_request *req)
SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, info, req->in.body+0x18, &info->in.pattern));
info->in.max_response_size = IVAL(req->in.body, 0x1C);
+ /* the VFS backend does not yet handle NULL patterns */
+ if (info->in.pattern == NULL) {
+ info->in.pattern = "";
+ }
+
SMB2SRV_CHECK_FILE_HANDLE(info->in.file.ntvfs);
SMB2SRV_CALL_NTVFS_BACKEND(smb2srv_find_backend(state));
}
diff --git a/source4/smb_server/smb2/tcon.c b/source4/smb_server/smb2/tcon.c
index 50094b806d..7f7d558b16 100644
--- a/source4/smb_server/smb2/tcon.c
+++ b/source4/smb_server/smb2/tcon.c
@@ -394,6 +394,11 @@ void smb2srv_tcon_recv(struct smb2srv_request *req)
io->smb2.in.reserved = SVAL(req->in.body, 0x02);
SMB2SRV_CHECK(smb2_pull_o16s16_string(&req->in, io, req->in.body+0x04, &io->smb2.in.path));
+ /* the VFS backend does not yet handle NULL paths */
+ if (io->smb2.in.path == NULL) {
+ io->smb2.in.path = "";
+ }
+
req->status = smb2srv_tcon_backend(req, io);
if (req->control_flags & SMB2SRV_REQ_CTRL_FLAG_NOT_REPLY) {
diff --git a/source4/torture/smb2/getinfo.c b/source4/torture/smb2/getinfo.c
index f561b62d47..c47a26277c 100644
--- a/source4/torture/smb2/getinfo.c
+++ b/source4/torture/smb2/getinfo.c
@@ -51,7 +51,9 @@ static struct {
{ LEVEL(RAW_FILEINFO_COMPRESSION_INFORMATION) },
{ LEVEL(RAW_FILEINFO_NETWORK_OPEN_INFORMATION) },
{ LEVEL(RAW_FILEINFO_ATTRIBUTE_TAG_INFORMATION) },
- { LEVEL(RAW_FILEINFO_SMB2_ALL_EAS) },
+/*
+disabled until we know how the alignment now works
+{ LEVEL(RAW_FILEINFO_SMB2_ALL_EAS) }, */
{ LEVEL(RAW_FILEINFO_SMB2_ALL_INFORMATION) },
{ LEVEL(RAW_FILEINFO_SEC_DESC) }
};
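Review bot: Commenting out `{ LEVEL(RAW_FILEINFO_SMB2_ALL_EAS) }` drops that level from the table silently, so EA getinfo handling is no longer exercised and nothing in the test output says so. Prefer keeping the entry and skipping it at run time with a printed reason. Failing that, make the comment actionable, e.g. `/* TODO: re-enable RAW_FILEINFO_SMB2_ALL_EAS once the EA alignment rules are understood */`. The table declaration starts outside the hunk.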
@@ -85,13 +87,13 @@ static bool torture_smb2_fileinfo(struct torture_context *tctx, struct smb2_tree
status = torture_smb2_testfile(tree, FNAME, &hfile);
if (!NT_STATUS_IS_OK(status)) {
- printf("Unable to create test file '%s' - %s\n", FNAME, nt_errstr(status));
+ printf(__location__ " Unable to create test file '%s' - %s\n", FNAME, nt_errstr(status));
goto failed;
}
status = torture_smb2_testdir(tree, DNAME, &hdir);
if (!NT_STATUS_IS_OK(status)) {
- printf("Unable to create test directory '%s' - %s\n", DNAME, nt_errstr(status));
+ printf(__location__ " Unable to create test directory '%s' - %s\n", DNAME, nt_errstr(status));
goto failed;
}
@@ -150,7 +152,7 @@ static bool torture_smb2_fsinfo(struct smb2_tree *tree)
printf("Testing fsinfo levels\n");
status = smb2_util_roothandle(tree, &handle);
if (!NT_STATUS_IS_OK(status)) {
- printf("Unable to create test directory '%s' - %s\n", DNAME, nt_errstr(status));
+ printf(__location__ " Unable to create root handle - %s\n", nt_errstr(status));
return false;
}
diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c
index 219c2140d3..f85b1c42ff 100644
--- a/source4/torture/smb2/util.c
+++ b/source4/torture/smb2/util.c
@@ -123,6 +123,7 @@ static NTSTATUS smb2_create_complex(struct smb2_tree *tree, const char *fname,
io.in.create_disposition = NTCREATEX_DISP_CREATE;
}
+ /* it seems vista is now fussier about alignment? */
if (strchr(fname, ':') == NULL) {
/* setup some EAs */
io.in.eas.num_eas = 2;
@@ -428,7 +429,7 @@ NTSTATUS smb2_util_roothandle(struct smb2_tree *tree, struct smb2_handle *handle
io.in.create_disposition = NTCREATEX_DISP_OPEN;
io.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
io.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT;
- io.in.fname = "";
+ io.in.fname = NULL;
status = smb2_create(tree, tree, &io);
NT_STATUS_NOT_OK_RETURN(status);