-rw-r--r--source3/libsmb/clirap.c31
-rw-r--r--source3/libsmb/clirap.h4
-rw-r--r--source3/torture/torture.c4
3 files changed, 30 insertions, 9 deletions
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 731ddfb8c1..96003c1640 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -1064,23 +1064,44 @@ static bool parse_streams_blob(TALLOC_CTX *mem_ctx, const uint8_t *rdata,
Send a qfileinfo QUERY_FILE_NAME_INFO call.
****************************************************************************/
-NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum, char *name,
- size_t namelen)
+NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, char **_name)
{
+ uint16_t recv_flags2;
uint8_t *rdata;
uint32_t num_rdata;
NTSTATUS status;
+ char *name = NULL;
+ uint32_t namelen;
status = cli_qfileinfo(talloc_tos(), cli, fnum,
SMB_QUERY_FILE_NAME_INFO,
- 4, cli->max_xmit, NULL,
+ 4, cli->max_xmit, &recv_flags2,
&rdata, &num_rdata);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- clistr_pull((const char *)rdata, name, rdata+4, namelen, IVAL(rdata, 0),
- STR_UNICODE);
+ namelen = IVAL(rdata, 0);
+ if (namelen > (num_rdata - 4)) {
+ TALLOC_FREE(rdata);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ clistr_pull_talloc(mem_ctx,
+ (const char *)rdata,
+ recv_flags2,
+ &name,
+ rdata + 4,
+ namelen,
+ STR_UNICODE);
+ if (name == NULL) {
+ status = map_nt_error_from_unix(errno);
+ TALLOC_FREE(rdata);
+ return status;
+ }
+
+ *_name = name;
TALLOC_FREE(rdata);
return NT_STATUS_OK;
}
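Review bot: The new length check `namelen > (num_rdata - 4)` is only sound when `num_rdata >= 4`, because both operands are `uint32_t` and the subtraction wraps for a shorter reply; `IVAL(rdata, 0)` on the line before also reads four bytes unconditionally. The `4` passed to `cli_qfileinfo()` looks like a minimum reply size that would guarantee this, but that is not visible in the hunk, so writing the test as `if (num_rdata < 4 || namelen > num_rdata - 4) {` (or adding a comment stating the guarantee) would make the handling of the server-supplied length self-evident. Separately, the `name == NULL` path relies on `clistr_pull_talloc()` having set `errno`; if it can fail without doing so, `map_nt_error_from_unix(errno)` may produce a stale or non-error status while `*_name` is left unwritten. A fixed fallback such as `status = NT_STATUS_NO_MEMORY;` would be safer there.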
diff --git a/source3/libsmb/clirap.h b/source3/libsmb/clirap.h
index 1716e17eec..de770dba7e 100644
--- a/source3/libsmb/clirap.h
+++ b/source3/libsmb/clirap.h
@@ -94,8 +94,8 @@ NTSTATUS cli_qpathinfo_streams(struct cli_state *cli, const char *fname,
TALLOC_CTX *mem_ctx,
unsigned int *pnum_streams,
struct stream_struct **pstreams);
-NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum, char *name,
- size_t namelen);
+NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, char **name);
NTSTATUS cli_qfileinfo_basic(struct cli_state *cli, uint16_t fnum,
uint16 *mode, SMB_OFF_T *size,
struct timespec *create_time,
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 4c9ef97dfa..7e2a5e7beb 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -3096,7 +3096,7 @@ static bool run_trans2test(int dummy)
const char *fname = "\\trans2.tst";
const char *dname = "\\trans2";
const char *fname2 = "\\trans2\\trans2.tst";
- char pname[1024];
+ char *pname;
bool correct = True;
NTSTATUS status;
uint32_t fs_attr;
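Review bot: `char *pname;` is now an uninitialised pointer rather than a stack buffer, and the failure branch after the new `cli_qfilename(cli, fnum, talloc_tos(), &pname)` call in the next hunk only prints and sets `correct = False`, with no visible return. If the code after that hunk (outside the view) still reads `pname`, a failed query would dereference an indeterminate pointer. Declaring it as `char *pname = NULL;` and skipping the later name comparison when the call fails would close that gap.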
@@ -3123,7 +3123,7 @@ static bool run_trans2test(int dummy)
correct = False;
}
- status = cli_qfilename(cli, fnum, pname, sizeof(pname));
+ status = cli_qfilename(cli, fnum, talloc_tos(), &pname);
if (!NT_STATUS_IS_OK(status)) {
printf("ERROR: qfilename failed (%s)\n", nt_errstr(status));
correct = False;