-rw-r--r-- | source3/libsmb/clirap.c | 305 | ||||
-rw-r--r-- | source3/torture/torture.c | 2 |
2 files changed, 188 insertions, 119 deletions
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index c877dfa2ab..d8d8f2608c 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -1,19 +1,19 @@ -/* +/* Unix SMB/CIFS implementation. client RAP calls Copyright (C) Andrew Tridgell 1994-1998 Copyright (C) Gerald (Jerry) Carter 2004 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -24,21 +24,21 @@ Call a remote api on an arbitrary pipe. takes param, data and setup buffers. ****************************************************************************/ -bool cli_api_pipe(struct cli_state *cli, const char *pipe_name, +bool cli_api_pipe(struct cli_state *cli, const char *pipe_name, uint16 *setup, uint32 setup_count, uint32 max_setup_count, char *params, uint32 param_count, uint32 max_param_count, char *data, uint32 data_count, uint32 max_data_count, char **rparam, uint32 *rparam_count, char **rdata, uint32 *rdata_count) { - cli_send_trans(cli, SMBtrans, - pipe_name, + cli_send_trans(cli, SMBtrans, + pipe_name, 0,0, /* fid, flags */ setup, setup_count, max_setup_count, params, param_count, max_param_count, data, data_count, max_data_count); - return (cli_receive_trans(cli, SMBtrans, + return (cli_receive_trans(cli, SMBtrans, rparam, (unsigned int *)rparam_count, rdata, (unsigned int *)rdata_count)); } 
@@ -58,7 +58,7 @@ bool cli_api(struct cli_state *cli, 0,0, /* fid, flags */ NULL,0,0, /* Setup, length, max */ param, prcnt, mprcnt, /* Params, length, max */ - data, drcnt, mdrcnt /* Data, length, max */ + data, drcnt, mdrcnt /* Data, length, max */ ); return (cli_receive_trans(cli,SMBtrans, @@ -76,35 +76,35 @@ bool cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation) char *rdata = NULL; char *p; unsigned int rdrcnt,rprcnt; - pstring param; + char param[1024]; memset(param, 0, sizeof(param)); - + /* send a SMBtrans command with api NetWkstaUserLogon */ p = param; SSVAL(p,0,132); /* api number */ p += 2; - pstrcpy_base(p,"OOWb54WrLh",param); + strlcpy(p,"OOWb54WrLh",sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); - pstrcpy_base(p,"WB21BWDWWDDDDDDDzzzD",param); + strlcpy(p,"WB21BWDWWDDDDDDDzzzD",sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); SSVAL(p,0,1); p += 2; - pstrcpy_base(p,user,param); + strlcpy(p,user,sizeof(param)-PTR_DIFF(p,param)); strupper_m(p); p += 21; p++; p += 15; - p++; - pstrcpy_base(p, workstation, param); + p++; + strlcpy(p, workstation,sizeof(param)-PTR_DIFF(p,param)); strupper_m(p); p += 16; SSVAL(p, 0, CLI_BUFFER_SIZE); p += 2; SSVAL(p, 0, CLI_BUFFER_SIZE); p += 2; - - if (cli_api(cli, + + if (cli_api(cli, param, PTR_DIFF(p,param),1024, /* param, length, max */ NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */ &rparam, &rprcnt, /* return params, return size */ @@ -112,7 +112,7 @@ bool cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation) )) { cli->rap_error = rparam? SVAL(rparam,0) : -1; p = rdata; - + if (cli->rap_error == 0) { DEBUG(4,("NetWkstaUserLogon success\n")); cli->privileges = SVAL(p, 24); @@ -122,7 +122,7 @@ bool cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation) DEBUG(1,("NetwkstaUserLogon gave error %d\n", cli->rap_error)); } } - + SAFE_FREE(rparam); SAFE_FREE(rdata); return (cli->rap_error == 0); 
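Review bot: In cli_NetWkstaUserLogon the new `strlcpy(p,user,sizeof(param)-PTR_DIFF(p,param))` is bounded by the rest of `param`, not by the fixed-width field that the following `p += 21` steps over, so a user name longer than that field spills into the bytes reserved for the workstation and buffer-size fields and is then partly overwritten. The workstation copy and its `p += 16` have the same problem. Bounding each copy by its field width, e.g. `strlcpy(p, user, 21);` and `strlcpy(p, workstation, 16);` (widths inferred from the pointer advances; confirm against the RAP descriptor string), keeps the request well-formed. Separately, the reply path further down this function reads `SVAL(p, 24)` from `rdata` without comparing against `rdrcnt`, which the bounds checks added elsewhere in this commit do not cover.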
@@ -138,16 +138,16 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, co char *rdata = NULL; char *p; unsigned int rdrcnt,rprcnt; - pstring param; + char param[1024]; int count = -1; /* now send a SMBtrans command with api RNetShareEnum */ p = param; SSVAL(p,0,0); /* api number */ p += 2; - pstrcpy_base(p,"WrLeh",param); + strlcpy(p,"WrLeh",sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); - pstrcpy_base(p,"B13BWz",param); + strlcpy(p,"B13BWz",sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); SSVAL(p,0,1); /* 
@@ -156,44 +156,77 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, co */ SSVAL(p,2,0xFFE0); p += 4; - - if (cli_api(cli, + + if (cli_api(cli, param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */ NULL, 0, 0xFFE0, /* data, length, maxlen - Win2k needs a small buffer here too ! */ &rparam, &rprcnt, /* return params, length */ &rdata, &rdrcnt)) /* return data, length */ { int res = rparam? SVAL(rparam,0) : -1; - + if (res == 0 || res == ERRmoredata) { int converter=SVAL(rparam,2); int i; - + char *rdata_end = rdata + rdrcnt; + count=SVAL(rparam,4); p = rdata; - - for (i=0;i<count;i++,p+=20) { - char *sname = p; - int type = SVAL(p,14); - int comment_offset = IVAL(p,16) & 0xFFFF; - const char *cmnt = comment_offset?(rdata+comment_offset-converter):""; - pstring s1, s2; - pull_ascii_pstring(s1, sname); - pull_ascii_pstring(s2, cmnt); + for (i=0;i<count;i++,p+=20) { + char *sname; + int type; + int comment_offset; + const char *cmnt; + const char *p1; + char *s1, *s2; + size_t len; + TALLOC_CTX *frame = talloc_stackframe(); + + if (p + 20 > rdata_end) { + TALLOC_FREE(frame); + break; + } + + sname = p; + type = SVAL(p,14); + comment_offset = IVAL(p,16) & 0xFFFF; + if (comment_offset < 0 || comment_offset > (int)rdrcnt) { + TALLOC_FREE(frame); + break; + } + cmnt = comment_offset?(rdata+comment_offset-converter):""; + + /* Work out the comment length. */ + for (p1 = cmnt, len = 0; *p1 && + p1 < rdata_end; len++) + p1++; + if (!*p1) { + len++; + } + pull_string_talloc(frame,rdata,0, + &s1,sname,14,STR_ASCII); + pull_string_talloc(frame,rdata,0, + &s2,cmnt,len,STR_ASCII); + if (!s1 || !s2) { + TALLOC_FREE(frame); + continue; + } fn(s1, type, s2, state); + + TALLOC_FREE(frame); } } else { DEBUG(4,("NetShareEnum res=%d\n", res)); - } + } } else { DEBUG(4,("NetShareEnum failed\n")); } - + SAFE_FREE(rparam); SAFE_FREE(rdata); - + return count; } 
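Review bot: The new range check in the cli_RNetShareEnum loop tests `comment_offset` before `converter` is subtracted, but the pointer actually dereferenced is `rdata+comment_offset-converter`, and `converter` is read straight from the server's `rparam`; a reply can pass the check and still place `cmnt` outside `rdata`. The length loop also evaluates `*p1` before `p1 < rdata_end`, and the following `if (!*p1)` reads at `rdata_end` when no terminator was found, so both can read past the reply. The cli_NetServerEnum loop changed later in this commit has the same test ordering and accepts `comment_offset == rdrcnt`. Validating the adjusted offset with `>=` and testing the bound before the dereference, as sketched below, closes both; the enclosing function starts outside this hunk.

```c
/* … unchanged: frame setup, p + 20 bounds check, sname and type … */
comment_offset = IVAL(p,16) & 0xFFFF;
cmnt = "";
len = 1;
if (comment_offset != 0) {
	/* Validate the offset that is actually dereferenced, i.e.
	 * after the server-supplied converter has been subtracted. */
	comment_offset -= converter;
	if (comment_offset < 0 || comment_offset >= (int)rdrcnt) {
		TALLOC_FREE(frame);
		break;
	}
	cmnt = rdata + comment_offset;

	/* Bounds test first, so *p1 is never read at rdata_end. */
	for (p1 = cmnt, len = 0; p1 < rdata_end && *p1; len++) {
		p1++;
	}
	if (p1 < rdata_end) {
		len++; /* include the terminator that was found */
	}
}
/* … unchanged: pull_string_talloc calls, fn(), TALLOC_FREE(frame) … */
```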
@@ -213,7 +246,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, char *rdata = NULL; unsigned int rdrcnt,rprcnt; char *p; - pstring param; + char param[1024]; int uLevel = 1; int count = -1; size_t len; @@ -224,10 +257,10 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, p = param; SSVAL(p,0,0x68); /* api number */ p += 2; - pstrcpy_base(p,"WrLehDz", param); + strlcpy(p,"WrLehDz", sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); - - pstrcpy_base(p,"B16BBDz", param); + + strlcpy(p,"B16BBDz", sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); SSVAL(p,0,uLevel); @@ -236,20 +269,22 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, SIVAL(p,0,stype); p += 4; - len = push_ascii(p, workgroup, sizeof(pstring)-PTR_DIFF(p,param)-1, STR_TERMINATE|STR_UPPER); + len = push_ascii(p, workgroup, sizeof(param)-PTR_DIFF(p,param)-1, + STR_TERMINATE|STR_UPPER); if (len == (size_t)-1) { return false; } p += len; - - if (cli_api(cli, + + if (cli_api(cli, param, PTR_DIFF(p,param), 8, /* params, length, max */ NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */ &rparam, &rprcnt, /* return params, return size */ &rdata, &rdrcnt /* return data, return size */ )) { int res = rparam? SVAL(rparam,0) : -1; - + char *rdata_end = rdata + rdrcnt; + if (res == 0 || res == ERRmoredata || (res != -1 && cli_errno(cli) == 0)) { int i; 
@@ -257,24 +292,55 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, count=SVAL(rparam,4); p = rdata; - + for (i = 0;i < count;i++, p += 26) { - char *sname = p; - int comment_offset = (IVAL(p,22) & 0xFFFF)-converter; - const char *cmnt = comment_offset?(rdata+comment_offset):""; - pstring s1, s2; + char *sname; + int comment_offset; + const char *cmnt; + const char *p1; + char *s1, *s2; + TALLOC_CTX *frame = talloc_stackframe(); + + if (p + 26 > rdata_end) { + TALLOC_FREE(frame); + break; + } + + sname = p; + comment_offset = (IVAL(p,22) & 0xFFFF)-converter; + cmnt = comment_offset?(rdata+comment_offset):""; - if (comment_offset < 0 || comment_offset > (int)rdrcnt) continue; + if (comment_offset < 0 || comment_offset > (int)rdrcnt) { + TALLOC_FREE(frame); + continue; + } + + /* Work out the comment length. */ + for (p1 = cmnt, len = 0; *p1 && + p1 < rdata_end; len++) + p1++; + if (!*p1) { + len++; + } stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY; - pull_ascii_pstring(s1, sname); - pull_ascii_pstring(s2, cmnt); + pull_string_talloc(frame,rdata,0, + &s1,sname,16,STR_ASCII); + pull_string_talloc(frame,rdata,0, + &s2,cmnt,len,STR_ASCII); + + if (!s1 || !s2) { + TALLOC_FREE(frame); + continue; + } + fn(s1, stype, s2, state); + TALLOC_FREE(frame); } } } - + SAFE_FREE(rparam); SAFE_FREE(rdata); @@ -282,13 +348,13 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, errno = cli_errno(cli); } else { if (!count) { - /* this is a very special case, when the domain master for the + /* this is a very special case, when the domain master for the work group isn't part of the work group itself, there is something wild going on */ errno = ENOENT; } } - + return(count > 0); } 
@@ -299,7 +365,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, bool cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password, const char *old_password) { - pstring param; + char param[1024]; unsigned char data[532]; char *p = param; unsigned char old_pw_hash[16]; @@ -317,11 +383,11 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char SSVAL(p,0,214); /* SamOEMChangePassword command. */ p += 2; - pstrcpy_base(p, "zsT", param); + strlcpy(p, "zsT", sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); - pstrcpy_base(p, "B516B16", param); + strlcpy(p, "B516B16", sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); - pstrcpy_base(p,user, param); + strlcpy(p,user, sizeof(param)-PTR_DIFF(p,param)); p = skip_string(param,sizeof(param),p); SSVAL(p,0,532); p += 2; @@ -335,14 +401,14 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char E_deshash(old_password, old_pw_hash); encode_pw_buffer(data, new_password, STR_ASCII); - + #ifdef DEBUG_PASSWORD DEBUG(100,("make_oem_passwd_hash\n")); dump_data(100, data, 516); #endif SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, 516); - /* + /* * Now place the old password hash in the data. */ E_deshash(new_password, new_pw_hash); @@ -350,7 +416,7 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char E_old_pw_hash( new_pw_hash, old_pw_hash, (uchar *)&data[516]); data_len = 532; - + if (cli_send_trans(cli,SMBtrans, PIPE_LANMAN, /* name */ 0,0, /* fid, flags */ @@ -370,11 +436,11 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char user )); return False; } - + if (rparam) { cli->rap_error = SVAL(rparam,0); } - + SAFE_FREE(rparam); SAFE_FREE(rdata); 
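Review bot: `strlcpy(p,user, sizeof(param)-PTR_DIFF(p,param))` in cli_oem_change_password ignores the return value, so an over-long `user` is silently truncated and `skip_string` then leaves `p` at or near the end of `param`, where the following `SSVAL(p,0,532)` has no room check. Rejecting the call when the copy would not fit, e.g. `if (strlcpy(p, user, room) >= room) return False;` with `room` being the remaining size less the bytes written after the name, avoids both the truncated account name and the write at the buffer edge. How `skip_string` reports running off the end is not visible on this page, so its result is worth checking for NULL as well.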
@@ -385,17 +451,17 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char Send a qpathinfo call. ****************************************************************************/ -bool cli_qpathinfo(struct cli_state *cli, const char *fname, +bool cli_qpathinfo(struct cli_state *cli, const char *fname, time_t *change_time, time_t *access_time, - time_t *write_time, + time_t *write_time, SMB_OFF_T *size, uint16 *mode) { unsigned int data_len = 0; unsigned int param_len = 0; unsigned int rparam_len, rdata_len; uint16 setup = TRANSACT2_QPATHINFO; - pstring param; + char param[1024]; char *rparam=NULL, *rdata=NULL; int count=8; bool ret; @@ -406,19 +472,19 @@ bool cli_qpathinfo(struct cli_state *cli, const char *fname, memset(p, 0, 6); SSVAL(p, 0, SMB_INFO_STANDARD); p += 6; - p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE); + p += clistr_push(cli, p, fname, sizeof(param)-6, STR_TERMINATE); param_len = PTR_DIFF(p, param); do { - ret = (cli_send_trans(cli, SMBtrans2, + ret = (cli_send_trans(cli, SMBtrans2, NULL, /* Name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ param, param_len, 10, /* param, length, max */ NULL, data_len, cli->max_xmit /* data, length, max */ ) && - cli_receive_trans(cli, SMBtrans2, + cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_len, &rdata, &rdata_len)); if (!cli_is_dos_error(cli)) break; @@ -468,7 +534,7 @@ bool cli_qpathinfo(struct cli_state *cli, const char *fname, Send a setpathinfo call. ****************************************************************************/ -bool cli_setpathinfo(struct cli_state *cli, const char *fname, +bool cli_setpathinfo(struct cli_state *cli, const char *fname, time_t create_time, time_t access_time, time_t write_time, 
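Review bot: `p += clistr_push(cli, p, fname, sizeof(param)-6, STR_TERMINATE)` in cli_qpathinfo adds the return value to `p` unchecked, while this same commit treats `(size_t)-1` from `push_ascii` as a failure in cli_NetServerEnum. If clistr_push can fail the same way (its definition is not on this page), `p` moves backwards and `param_len` no longer describes the request. A file name longer than the buffer is also truncated without notice, so the call may act on a different path than the caller passed. Capturing the result first, `size_t n = clistr_push(...); if (n == (size_t)-1) return False; p += n;`, would cover the failure case. The same pattern recurs in cli_setpathinfo, cli_qpathinfo2, cli_qpathinfo_basic and cli_qpathinfo_alt_name.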
@@ -479,8 +545,8 @@ bool cli_setpathinfo(struct cli_state *cli, const char *fname, unsigned int param_len = 0; unsigned int rparam_len, rdata_len; uint16 setup = TRANSACT2_SETPATHINFO; - pstring param; - pstring data; + char param[1024]; + char data[1024]; char *rparam=NULL, *rdata=NULL; int count=8; bool ret; @@ -498,7 +564,7 @@ bool cli_setpathinfo(struct cli_state *cli, const char *fname, p += 6; /* Add the file name */ - p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE); + p += clistr_push(cli, p, fname, sizeof(param)-6, STR_TERMINATE); param_len = PTR_DIFF(p, param); @@ -507,16 +573,15 @@ bool cli_setpathinfo(struct cli_state *cli, const char *fname, /* * Add the create, last access, modification, and status change times */ - put_long_date(p, create_time); p += 8; put_long_date(p, access_time); p += 8; - + put_long_date(p, write_time); p += 8; - + put_long_date(p, change_time); p += 8; @@ -531,14 +596,14 @@ bool cli_setpathinfo(struct cli_state *cli, const char *fname, data_len = PTR_DIFF(p, data); do { - ret = (cli_send_trans(cli, SMBtrans2, + ret = (cli_send_trans(cli, SMBtrans2, NULL, /* Name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ param, param_len, 10, /* param, length, max */ data, data_len, cli->max_xmit /* data, length, max */ ) && - cli_receive_trans(cli, SMBtrans2, + cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_len, &rdata, &rdata_len)); if (!cli_is_dos_error(cli)) break; 
@@ -566,10 +631,10 @@ bool cli_setpathinfo(struct cli_state *cli, const char *fname, Send a qpathinfo call with the SMB_QUERY_FILE_ALL_INFO info level. ****************************************************************************/ -bool cli_qpathinfo2(struct cli_state *cli, const char *fname, +bool cli_qpathinfo2(struct cli_state *cli, const char *fname, struct timespec *create_time, struct timespec *access_time, - struct timespec *write_time, + struct timespec *write_time, struct timespec *change_time, SMB_OFF_T *size, uint16 *mode, SMB_INO_T *ino) @@ -577,7 +642,7 @@ bool cli_qpathinfo2(struct cli_state *cli, const char *fname, unsigned int data_len = 0; unsigned int param_len = 0; uint16 setup = TRANSACT2_QPATHINFO; - pstring param; + char param[1024]; char *rparam=NULL, *rdata=NULL; char *p; @@ -585,11 +650,11 @@ bool cli_qpathinfo2(struct cli_state *cli, const char *fname, memset(p, 0, 6); SSVAL(p, 0, SMB_QUERY_FILE_ALL_INFO); p += 6; - p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE); + p += clistr_push(cli, p, fname, sizeof(param)-6, STR_TERMINATE); param_len = PTR_DIFF(p, param); - if (!cli_send_trans(cli, SMBtrans2, + if (!cli_send_trans(cli, SMBtrans2, NULL, /* name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ @@ -608,7 +673,7 @@ bool cli_qpathinfo2(struct cli_state *cli, const char *fname, if (!rdata || data_len < 22) { return False; } - + if (create_time) { *create_time = interpret_long_date(rdata+0); } 
@@ -640,21 +705,19 @@ bool cli_qpathinfo2(struct cli_state *cli, const char *fname, Send a qfileinfo QUERY_FILE_NAME_INFO call. ****************************************************************************/ -bool cli_qfilename(struct cli_state *cli, int fnum, - pstring name) +bool cli_qfilename(struct cli_state *cli, int fnum, char *name, size_t namelen) { unsigned int data_len = 0; unsigned int param_len = 0; uint16 setup = TRANSACT2_QFILEINFO; - pstring param; + char param[4]; char *rparam=NULL, *rdata=NULL; param_len = 4; - memset(param, 0, param_len); SSVAL(param, 0, fnum); SSVAL(param, 2, SMB_QUERY_FILE_NAME_INFO); - if (!cli_send_trans(cli, SMBtrans2, + if (!cli_send_trans(cli, SMBtrans2, NULL, /* name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ @@ -674,7 +737,7 @@ bool cli_qfilename(struct cli_state *cli, int fnum, return False; } - clistr_pull(cli, name, rdata+4, sizeof(pstring), IVAL(rdata, 0), STR_UNICODE); + clistr_pull(cli, name, rdata+4, namelen, IVAL(rdata, 0), STR_UNICODE); return True; } @@ -683,18 +746,18 @@ bool cli_qfilename(struct cli_state *cli, int fnum, Send a qfileinfo call. ****************************************************************************/ -bool cli_qfileinfo(struct cli_state *cli, int fnum, +bool cli_qfileinfo(struct cli_state *cli, int fnum, uint16 *mode, SMB_OFF_T *size, struct timespec *create_time, struct timespec *access_time, - struct timespec *write_time, + struct timespec *write_time, struct timespec *change_time, SMB_INO_T *ino) { unsigned int data_len = 0; unsigned int param_len = 0; uint16 setup = TRANSACT2_QFILEINFO; - pstring param; + char param[4]; char *rparam=NULL, *rdata=NULL; /* if its a win95 server then fail this - win95 totally screws it 
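Review bot: In cli_qfilename the source length passed to `clistr_pull` is `IVAL(rdata, 0)`, a value taken from the server's reply, and nothing visible in the hunk compares it with `data_len`; the new `namelen` argument bounds only the destination. Unless clistr_pull clamps it internally, a reply that advertises a name longer than the data actually returned would make the conversion read past `rdata`. A check such as `if (IVAL(rdata,0) > data_len - 4) { SAFE_FREE(rparam); SAFE_FREE(rdata); return False; }` before the pull would close that, assuming the test just above the hunk already guarantees `data_len >= 4`. As far as the hunk shows, the success path also returns without freeing `rparam` and `rdata`.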
@@ -703,11 +766,10 @@ bool cli_qfileinfo(struct cli_state *cli, int fnum, param_len = 4; - memset(param, 0, param_len); SSVAL(param, 0, fnum); SSVAL(param, 2, SMB_QUERY_FILE_ALL_INFO); - if (!cli_send_trans(cli, SMBtrans2, + if (!cli_send_trans(cli, SMBtrans2, NULL, /* name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ @@ -758,32 +820,40 @@ bool cli_qfileinfo(struct cli_state *cli, int fnum, Send a qpathinfo BASIC_INFO call. ****************************************************************************/ -bool cli_qpathinfo_basic( struct cli_state *cli, const char *name, +bool cli_qpathinfo_basic( struct cli_state *cli, const char *name, SMB_STRUCT_STAT *sbuf, uint32 *attributes ) { unsigned int param_len = 0; unsigned int data_len = 0; uint16 setup = TRANSACT2_QPATHINFO; - char param[sizeof(pstring)+6]; + char param[1024+6]; char *rparam=NULL, *rdata=NULL; char *p; - pstring path; + char *path; int len; - - pstrcpy( path, name ); + TALLOC_CTX *frame = talloc_stackframe(); + + path = talloc_strdup(frame, name); + if (!path) { + TALLOC_FREE(frame); + return false; + } /* cleanup */ - - len = strlen( path ); - if ( path[len-1] == '\\' || path[len-1] == '/') + + len = strlen(path); + if ( path[len-1] == '\\' || path[len-1] == '/') { path[len-1] = '\0'; + } p = param; memset(p, 0, 6); SSVAL(p, 0, SMB_QUERY_FILE_BASIC_INFO); p += 6; - p += clistr_push(cli, p, path, sizeof(pstring)-6, STR_TERMINATE); + p += clistr_push(cli, p, path, sizeof(param)-6, STR_TERMINATE); param_len = PTR_DIFF(p, param); + TALLOC_FREE(frame); + if (!cli_send_trans(cli, SMBtrans2, NULL, /* name */ -1, 0, /* fid, flags */ 
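Review bot: In cli_qpathinfo_basic `path[len-1]` is evaluated even when `name` is the empty string, so with `len == 0` the test reads, and may write `'\0'` to, the byte before the `talloc_strdup` allocation. Guarding it, `if (len > 0 && (path[len-1] == '\\' || path[len-1] == '/')) {`, fixes that; `len` would also be better declared `size_t` to match `strlen`. The function continues past the end of the hunk.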
@@ -809,12 +879,12 @@ bool cli_qpathinfo_basic( struct cli_state *cli, const char *name, set_atimespec(sbuf, interpret_long_date( rdata+8 )); /* Access time. */ set_mtimespec(sbuf, interpret_long_date( rdata+16 )); /* Write time. */ set_ctimespec(sbuf, interpret_long_date( rdata+24 )); /* Change time. */ - + *attributes = IVAL( rdata, 32 ); - + SAFE_FREE(rparam); SAFE_FREE(rdata); - + return True; } @@ -827,7 +897,7 @@ bool cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char **poutd unsigned int data_len = 0; unsigned int param_len = 0; uint16 setup = TRANSACT2_QFILEINFO; - pstring param; + char param[4]; char *rparam=NULL, *rdata=NULL; *poutdata = NULL; @@ -840,11 +910,10 @@ bool cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char **poutd param_len = 4; - memset(param, 0, param_len); SSVAL(param, 0, fnum); SSVAL(param, 2, level); - if (!cli_send_trans(cli, SMBtrans2, + if (!cli_send_trans(cli, SMBtrans2, NULL, /* name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ @@ -883,7 +952,7 @@ NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstrin unsigned int data_len = 0; unsigned int param_len = 0; uint16 setup = TRANSACT2_QPATHINFO; - pstring param; + char param[1024+6]; char *rparam=NULL, *rdata=NULL; int count=8; char *p; 
@@ -894,19 +963,19 @@ NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstrin memset(p, 0, 6); SSVAL(p, 0, SMB_QUERY_FILE_ALT_NAME_INFO); p += 6; - p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE); + p += clistr_push(cli, p, fname, sizeof(param)-6, STR_TERMINATE); param_len = PTR_DIFF(p, param); do { - ret = (cli_send_trans(cli, SMBtrans2, + ret = (cli_send_trans(cli, SMBtrans2, NULL, /* Name */ -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ param, param_len, 10, /* param, length, max */ NULL, data_len, cli->max_xmit /* data, length, max */ ) && - cli_receive_trans(cli, SMBtrans2, + cli_receive_trans(cli, SMBtrans2, &rparam, ¶m_len, &rdata, &data_len)); if (!ret && cli_is_dos_error(cli)) { diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 88711ef677..90221f850e 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -2498,7 +2498,7 @@ static bool run_trans2test(int dummy) correct = False; } - if (!cli_qfilename(cli, fnum, pname)) { + if (!cli_qfilename(cli, fnum, pname, sizeof(pname))) { printf("ERROR: qfilename failed (%s)\n", cli_errstr(cli)); correct = False; } |
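Review bot: `sizeof(pname)` in the run_trans2test call is the buffer size only if `pname` is declared as an array in that function, which is outside the hunk; if it is a pointer, the new `namelen` becomes the pointer width and the returned name is cut short. Since `cli_qfilename` changed its signature, any caller outside these two files needs the same update; none are shown on this page.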