diff options
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 3e79b420a9..c65401f1c4 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2221,11 +2221,28 @@ WERROR _srv_net_disk_enum(pipes_struct *p, SRV_Q_NET_DISK_ENUM *q_u, SRV_R_NET_D WERROR _srv_net_name_validate(pipes_struct *p, SRV_Q_NET_NAME_VALIDATE *q_u, SRV_R_NET_NAME_VALIDATE *r_u) { fstring sharename; + int len; + + if ((q_u->flags != 0x0) && (q_u->flags != 0x80000000)) { + return WERR_INVALID_PARAM; + } switch ( q_u->type ) { case 0x9: rpcstr_pull(sharename, q_u->sharename.buffer, sizeof(sharename), q_u->sharename.uni_str_len*2, 0); - if ( !validate_net_name( sharename, INVALID_SHARENAME_CHARS, sizeof(sharename) ) ) { + + len = strlen_m(sharename); + + if ((q_u->flags == 0x0) && (len > 81)) { + DEBUG(5,("_srv_net_name_validate: share name too long (%s > 81 chars)\n", sharename)); + return WERR_INVALID_NAME; + } + if ((q_u->flags == 0x80000000) && (len > 13)) { + DEBUG(5,("_srv_net_name_validate: share name too long (%s > 13 chars)\n", sharename)); + return WERR_INVALID_NAME; + } + + if ( ! validate_net_name( sharename, INVALID_SHARENAME_CHARS, sizeof(sharename) ) ) { DEBUG(5,("_srv_net_name_validate: Bad sharename \"%s\"\n", sharename)); return WERR_INVALID_NAME; } |