-rw-r--r--libcli/smb/smb2cli_close.c3
-rw-r--r--libcli/smb/smb2cli_create.c13
-rw-r--r--libcli/smb/smb2cli_echo.c3
-rw-r--r--libcli/smb/smb2cli_flush.c3
-rw-r--r--libcli/smb/smb2cli_ioctl.c13
-rw-r--r--libcli/smb/smb2cli_query_directory.c3
-rw-r--r--libcli/smb/smb2cli_query_info.c3
-rw-r--r--libcli/smb/smb2cli_read.c3
-rw-r--r--libcli/smb/smb2cli_session.c6
-rw-r--r--libcli/smb/smb2cli_set_info.c3
-rw-r--r--libcli/smb/smb2cli_write.c3
-rw-r--r--libcli/smb/smbXcli_base.c7
-rw-r--r--libcli/smb/smbXcli_base.h3
-rw-r--r--source3/libsmb/smb2cli_tcon.c6
-rw-r--r--source4/libcli/smb2/transport.c9
15 files changed, 60 insertions, 21 deletions
diff --git a/libcli/smb/smb2cli_close.c b/libcli/smb/smb2cli_close.c
index ed15a203d8..5e3105618a 100644
--- a/libcli/smb/smb2cli_close.c
+++ b/libcli/smb/smb2cli_close.c
@@ -60,7 +60,8 @@ struct tevent_req *smb2cli_close_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- NULL, 0);
+ NULL, 0, /* dyn* */
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_create.c b/libcli/smb/smb2cli_create.c
index 020a4685cb..3f8d67250c 100644
--- a/libcli/smb/smb2cli_create.c
+++ b/libcli/smb/smb2cli_create.c
@@ -62,6 +62,7 @@ struct tevent_req *smb2cli_create_send(
size_t blobs_offset;
uint8_t *dyn;
size_t dyn_len;
+ size_t max_dyn_len;
req = tevent_req_create(mem_ctx, &state,
struct smb2cli_create_state);
@@ -129,13 +130,23 @@ struct tevent_req *smb2cli_create_send(
data_blob_free(&blob);
}
+ /*
+ * We use max_dyn_len = 0
+ * as we don't explicitly ask for any output length.
+ *
+ * But it's still possible for the server to return
+ * large create blobs.
+ */
+ max_dyn_len = 0;
+
subreq = smb2cli_req_send(state, ev, conn, SMB2_OP_CREATE,
0, 0, /* flags */
timeout_msec,
tcon,
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ max_dyn_len);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
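Review bot: The comment above `max_dyn_len = 0;` says the server can still return large create blobs, but it does not say what happens to such a response when the value passed is 0. The consumer of `max_dyn_len` is smb2cli_req_send, outside this hunk, so a reader cannot tell from here whether 0 is only a sizing hint or also limits what is accepted from the server. I would add one line to the comment stating which it is, for example `* max_dyn_len is only a hint for the request; the response size is bounded elsewhere.` if that matches the implementation. smb2cli_create_send starts and ends outside the hunk.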
diff --git a/libcli/smb/smb2cli_echo.c b/libcli/smb/smb2cli_echo.c
index 29cbf26115..39c592cebb 100644
--- a/libcli/smb/smb2cli_echo.c
+++ b/libcli/smb/smb2cli_echo.c
@@ -53,7 +53,8 @@ struct tevent_req *smb2cli_echo_send(TALLOC_CTX *mem_ctx,
NULL, /* tcon */
NULL, /* session */
state->fixed, sizeof(state->fixed),
- NULL, 0);
+ NULL, 0, /* dyn* */
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_flush.c b/libcli/smb/smb2cli_flush.c
index 0ca2699ce3..f014720ad0 100644
--- a/libcli/smb/smb2cli_flush.c
+++ b/libcli/smb/smb2cli_flush.c
@@ -58,7 +58,8 @@ struct tevent_req *smb2cli_flush_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- NULL, 0);
+ NULL, 0, /* dyn* */
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 15a990c256..8de76359a1 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -61,6 +61,8 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
uint32_t output_buffer_offset = 0;
uint32_t output_buffer_length = 0;
uint32_t pad_length = 0;
+ uint64_t tmp64;
+ uint32_t max_dyn_len = 0;
req = tevent_req_create(mem_ctx, &state,
struct smb2cli_ioctl_state);
@@ -70,6 +72,14 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
state->max_input_length = in_max_input_length;
state->max_output_length = in_max_output_length;
+ tmp64 = in_max_input_length;
+ tmp64 += in_max_output_length;
+ if (tmp64 > UINT32_MAX) {
+ max_dyn_len = UINT32_MAX;
+ } else {
+ max_dyn_len = tmp64;
+ }
+
if (in_input_buffer) {
input_buffer_offset = SMB2_HDR_BODY+0x38;
input_buffer_length = in_input_buffer->length;
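Review bot: The clamped sum of `in_max_input_length` and `in_max_output_length` has no comment saying why both lengths are added, and the `else` branch narrows `tmp64` to `uint32_t` implicitly. A comment such as `/* the response may carry input and output data; clamp rather than wrap at 32 bits */` would record the intent (wording to be confirmed by the author). Writing `max_dyn_len = (uint32_t)tmp64;` makes the narrowing explicit for builds with conversion warnings. The declaration in the earlier hunk could also carry the initial value, `uint64_t tmp64 = in_max_input_length;`, instead of leaving `tmp64` uninitialised at the top of the function. smb2cli_ioctl_send continues outside the hunk.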
@@ -139,7 +149,8 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ max_dyn_len);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_query_directory.c b/libcli/smb/smb2cli_query_directory.c
index 32f5bee0c5..bccc529455 100644
--- a/libcli/smb/smb2cli_query_directory.c
+++ b/libcli/smb/smb2cli_query_directory.c
@@ -93,7 +93,8 @@ struct tevent_req *smb2cli_query_directory_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ outbuf_len); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_query_info.c b/libcli/smb/smb2cli_query_info.c
index 9ec16b5c99..454f25a135 100644
--- a/libcli/smb/smb2cli_query_info.c
+++ b/libcli/smb/smb2cli_query_info.c
@@ -96,7 +96,8 @@ struct tevent_req *smb2cli_query_info_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ in_max_output_length); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_read.c b/libcli/smb/smb2cli_read.c
index 0adb403794..4a3162265f 100644
--- a/libcli/smb/smb2cli_read.c
+++ b/libcli/smb/smb2cli_read.c
@@ -72,7 +72,8 @@ struct tevent_req *smb2cli_read_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- state->dyn_pad, sizeof(state->dyn_pad));
+ state->dyn_pad, sizeof(state->dyn_pad),
+ length); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_session.c b/libcli/smb/smb2cli_session.c
index 537c17111d..4418a0d68f 100644
--- a/libcli/smb/smb2cli_session.c
+++ b/libcli/smb/smb2cli_session.c
@@ -102,7 +102,8 @@ struct tevent_req *smb2cli_session_setup_send(TALLOC_CTX *mem_ctx,
NULL, /* tcon */
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ UINT16_MAX); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
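Review bot: `UINT16_MAX` is passed as max_dyn_len for session setup with only the parameter name as a comment, and the same literal appears again in smbXcli_negprot_smb2_subreq in smbXcli_base.c. Neither site says why 64 KiB is the right expectation for the response. I would either state the reasoning at both sites, e.g. `UINT16_MAX); /* max_dyn_len: response blob assumed to fit in 64k */`, or introduce one named constant so the two call sites cannot drift apart. smb2cli_session_setup_send starts and ends outside the hunk.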
@@ -258,7 +259,8 @@ struct tevent_req *smb2cli_logoff_send(TALLOC_CTX *mem_ctx,
NULL, /* tcon */
session,
state->fixed, sizeof(state->fixed),
- NULL, 0);
+ NULL, 0, /* dyn* */
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_set_info.c b/libcli/smb/smb2cli_set_info.c
index d5c7e583f1..6871370428 100644
--- a/libcli/smb/smb2cli_set_info.c
+++ b/libcli/smb/smb2cli_set_info.c
@@ -88,7 +88,8 @@ struct tevent_req *smb2cli_set_info_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smb2cli_write.c b/libcli/smb/smb2cli_write.c
index 89137bd5ba..6d0a0aaaec 100644
--- a/libcli/smb/smb2cli_write.c
+++ b/libcli/smb/smb2cli_write.c
@@ -82,7 +82,8 @@ struct tevent_req *smb2cli_write_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 0271691455..2562442f28 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2984,11 +2984,11 @@ struct tevent_req *smb2cli_req_send(TALLOC_CTX *mem_ctx,
const uint8_t *fixed,
uint16_t fixed_len,
const uint8_t *dyn,
- uint32_t dyn_len)
+ uint32_t dyn_len,
+ uint32_t max_dyn_len)
{
struct tevent_req *req;
NTSTATUS status;
- uint32_t max_dyn_len = 0;
req = smb2cli_req_create(mem_ctx, ev, conn, cmd,
additional_flags, clear_flags,
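Review bot: `max_dyn_len` is now supplied by the caller, but neither this definition nor the prototype in smbXcli_base.h documents what the value means, in particular what 0 means at the many call sites that pass it. A comment above the function along the lines of `/* max_dyn_len: largest dynamic response part the caller expects, 0 if none was requested */` would make the call sites reviewable; the wording needs checking against the body, which lies outside this hunk. Because the value can now come from caller-controlled lengths (the ioctl and read callers pass their requested sizes), it is also worth confirming that the code consuming it handles values up to `UINT32_MAX` without wrapping.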
@@ -4260,7 +4260,8 @@ static struct tevent_req *smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
state->timeout_msec,
NULL, NULL, /* tcon, session */
state->smb2.fixed, sizeof(state->smb2.fixed),
- state->smb2.dyn, dialect_count*2);
+ state->smb2.dyn, dialect_count*2,
+ UINT16_MAX); /* max_dyn_len */
}
static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 017c0f059d..4ce39c0db1 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -242,7 +242,8 @@ struct tevent_req *smb2cli_req_send(TALLOC_CTX *mem_ctx,
const uint8_t *fixed,
uint16_t fixed_len,
const uint8_t *dyn,
- uint32_t dyn_len);
+ uint32_t dyn_len,
+ uint32_t max_dyn_len);
NTSTATUS smb2cli_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
struct iovec **piov,
const struct smb2cli_req_expected_response *expected,
diff --git a/source3/libsmb/smb2cli_tcon.c b/source3/libsmb/smb2cli_tcon.c
index ab97f8d0e1..b3136fac91 100644
--- a/source3/libsmb/smb2cli_tcon.c
+++ b/source3/libsmb/smb2cli_tcon.c
@@ -85,7 +85,8 @@ struct tevent_req *smb2cli_tcon_send(TALLOC_CTX *mem_ctx,
NULL, /* tcon */
cli->smb2.session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -211,7 +212,8 @@ struct tevent_req *smb2cli_tdis_send(TALLOC_CTX *mem_ctx,
cli->smb2.tcon,
cli->smb2.session,
state->fixed, sizeof(state->fixed),
- NULL, 0);
+ NULL, 0, /* dyn* */
+ 0); /* max_dyn_len */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c
index bdab523f4f..2ad16a9123 100644
--- a/source4/libcli/smb2/transport.c
+++ b/source4/libcli/smb2/transport.c
@@ -151,7 +151,8 @@ void smb2_transport_send(struct smb2_request *req)
NULL, /* body */
0, /* body_fixed */
NULL, /* dyn */
- 0); /* dyn_len */
+ 0, /* dyn_len */
+ 0); /* max_dyn_len */
if (subreq != NULL) {
smbXcli_req_set_pending(subreq);
tevent_req_set_callback(subreq,
@@ -190,7 +191,8 @@ void smb2_transport_send(struct smb2_request *req)
tcon,
session,
body.data, body.length,
- dyn.data, dyn.length);
+ dyn.data, dyn.length,
+ 0); /* max_dyn_len */
if (req->subreq == NULL) {
req->state = SMB2_REQUEST_ERROR;
req->status = NT_STATUS_NO_MEMORY;
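Review bot: smb2_transport_send passes a constant `0` as max_dyn_len for every request it forwards, whatever the opcode. Requests with large expected responses that go through the source4 transport therefore get no size hint, while the libcli/smb callers in this commit now supply one. If that is a deliberate stopgap, I would mark it at the call, e.g. `0); /* max_dyn_len: TODO derive from the request's expected output size */`. The function starts and ends outside the hunk, so whether the expected output size is available at this point is not visible here.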
@@ -347,7 +349,8 @@ static void smb2_transport_break_handler(struct tevent_req *subreq)
NULL, /* body */
0, /* body_fixed */
NULL, /* dyn */
- 0); /* dyn_len */
+ 0, /* dyn_len */
+ 0); /* max_dyn_len */
if (subreq != NULL) {
smbXcli_req_set_pending(subreq);
tevent_req_set_callback(subreq,