-rw-r--r-- | source3/libsmb/clirap.c | 31 | ||||
-rw-r--r-- | source3/libsmb/clirap.h | 4 | ||||
-rw-r--r-- | source3/torture/torture.c | 4 |
3 files changed, 30 insertions, 9 deletions
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 731ddfb8c1..96003c1640 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -1064,23 +1064,44 @@ static bool parse_streams_blob(TALLOC_CTX *mem_ctx, const uint8_t *rdata,
 Send a qfileinfo QUERY_FILE_NAME_INFO call.
 ****************************************************************************/
-NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum, char *name,
- size_t namelen)
+NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, char **_name)
 {
+ uint16_t recv_flags2;
 uint8_t *rdata;
 uint32_t num_rdata;
 NTSTATUS status;
+ char *name = NULL;
+ uint32_t namelen;
 status = cli_qfileinfo(talloc_tos(), cli, fnum, SMB_QUERY_FILE_NAME_INFO,
- 4, cli->max_xmit, NULL,
+ 4, cli->max_xmit, &recv_flags2,
 &rdata, &num_rdata);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
- clistr_pull((const char *)rdata, name, rdata+4, namelen, IVAL(rdata, 0),
- STR_UNICODE);
+ namelen = IVAL(rdata, 0);
+ if (namelen > (num_rdata - 4)) {
+ TALLOC_FREE(rdata);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ clistr_pull_talloc(mem_ctx,
+ (const char *)rdata,
+ recv_flags2,
+ &name,
+ rdata + 4,
+ namelen,
+ STR_UNICODE);
+ if (name == NULL) {
+ status = map_nt_error_from_unix(errno);
+ TALLOC_FREE(rdata);
+ return status;
+ }
+
+ *_name = name;
 TALLOC_FREE(rdata);
 return NT_STATUS_OK;
 }
diff --git a/source3/libsmb/clirap.h b/source3/libsmb/clirap.h
index 1716e17eec..de770dba7e 100644
--- a/source3/libsmb/clirap.h
+++ b/source3/libsmb/clirap.h
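Review bot: In cli_qfilename (clirap.c), the new check `namelen > (num_rdata - 4)` is only sound when num_rdata is at least 4, because both operands are uint32_t and a shorter reply would make the subtraction wrap to a very large value; the `IVAL(rdata, 0)` read just before it has the same precondition. The `4` passed to cli_qfileinfo looks like a minimum reply size, which would cover this, but that guarantee lives in another function, so I would state it locally before the IVAL read: `if (num_rdata < 4) { TALLOC_FREE(rdata); return NT_STATUS_INVALID_NETWORK_RESPONSE; }`. Separately, the `name == NULL` branch maps errno, and nothing visible here shows that clistr_pull_talloc sets errno on every failure path, so a stale or zero value could yield a misleading status, possibly even a success code with `*_name` never written. Returning a fixed failure status there, or refusing to return an OK status from that branch, would be safer. A short comment saying that `*_name` is allocated on mem_ctx and left untouched on error would help callers.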
@@ -94,8 +94,8 @@ NTSTATUS cli_qpathinfo_streams(struct cli_state *cli, const char *fname, TALLOC_CTX *mem_ctx, unsigned int *pnum_streams, struct stream_struct **pstreams);
-NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum, char *name,
- size_t namelen);
+NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, char **name);
 NTSTATUS cli_qfileinfo_basic(struct cli_state *cli, uint16_t fnum, uint16 *mode, SMB_OFF_T *size, struct timespec *create_time,
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 4c9ef97dfa..7e2a5e7beb 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -3096,7 +3096,7 @@ static bool run_trans2test(int dummy)
 const char *fname = "\\trans2.tst";
 const char *dname = "\\trans2";
 const char *fname2 = "\\trans2\\trans2.tst";
- char pname[1024];
+ char *pname;
 bool correct = True;
 NTSTATUS status;
 uint32_t fs_attr;
@@ -3123,7 +3123,7 @@ static bool run_trans2test(int dummy)
 correct = False;
 }
- status = cli_qfilename(cli, fnum, pname, sizeof(pname));
+ status = cli_qfilename(cli, fnum, talloc_tos(), &pname);
 if (!NT_STATUS_IS_OK(status)) {
 printf("ERROR: qfilename failed (%s)\n", nt_errstr(status));
 correct = False; |
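Review bot: In run_trans2test (torture.c), `char *pname;` is now an uninitialised pointer, and the failure branch after the cli_qfilename call only prints and sets `correct = False`. The function continues outside this hunk, so any later use of pname after a failed call would dereference an indeterminate pointer, whereas the old 1024-byte array was at least valid memory. Declaring it as `char *pname = NULL;` and skipping any use of the name when the call fails would keep the test from crashing on a malformed server reply. The string is allocated on talloc_tos(), so it presumably lives until the current talloc stack frame is freed; a one-line comment saying so would make the ownership clear.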