diff options
-rw-r--r-- | source3/smbd/smb2_create.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 99a5b38ed6..140c81b309 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -515,16 +515,32 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, } if (dh2c) { + uint32_t num_blobs_allowed; + if (dh2c->data.length != 36) { tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); return tevent_req_post(req, ev); } - if (in_context_blobs.num_blobs != 1) { - /* - * DH2C should be the only one. - * TODO: This is only true for the oplock case! - * For leases, lease request is required additionally! - */ + + /* + * According to MS-SMB2: 3.3.5.9.12, "Handling the + * SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context", + * we should fail the request with status + * OBJECT_NAME_NOT_FOUND if any other create blob has been + * provided. + * + * (Note that the cases of an additional dhnq, dhnc or dh2q + * blob which require a different error code, have been + * treated above.) + * + * TODO: + * This is only true for the oplock case: + * For leases, lease request is required additionally! + */ + + num_blobs_allowed = 1; + + if (in_context_blobs.num_blobs != num_blobs_allowed) { tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND); return tevent_req_post(req, ev); } |