summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/smb_server/smb2/receive.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 4d513fd562..5831e07ad8 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -149,18 +149,22 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
uint32_t protocol_version;
uint16_t buffer_code;
uint32_t dynamic_size;
+ uint32_t flags;
+ uint32_t last_hdr_offset;
+
+ last_hdr_offset = p_req->in.hdr - p_req->in.buffer;
chain_offset = p_req->chain_offset;
p_req->chain_offset = 0;
- if (p_req->in.size < (NBT_HDR_SIZE + chain_offset + SMB2_MIN_SIZE_NO_BODY)) {
- DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X\n",
- chain_offset));
+ if (p_req->in.size < (last_hdr_offset + chain_offset + SMB2_MIN_SIZE_NO_BODY)) {
+ DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X from last hdr 0x%X\n",
+ chain_offset, last_hdr_offset));
smbsrv_terminate_connection(p_req->smb_conn, "Invalid SMB2 chained packet");
return;
}
- protocol_version = IVAL(p_req->in.buffer, NBT_HDR_SIZE + chain_offset);
+ protocol_version = IVAL(p_req->in.buffer, last_hdr_offset + chain_offset);
if (protocol_version != SMB2_MAGIC) {
DEBUG(2,("Invalid SMB chained packet: protocol prefix: 0x%08X\n",
protocol_version));
@@ -179,9 +183,9 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
req->request_time = p_req->request_time;
req->in.allocated = req->in.size;
- req->in.hdr = req->in.buffer+ NBT_HDR_SIZE + chain_offset;
+ req->in.hdr = req->in.buffer+ last_hdr_offset + chain_offset;
req->in.body = req->in.hdr + SMB2_HDR_BODY;
- req->in.body_size = req->in.size - (NBT_HDR_SIZE+ chain_offset + SMB2_HDR_BODY);
+ req->in.body_size = req->in.size - (last_hdr_offset+ chain_offset + SMB2_HDR_BODY);
req->in.dynamic = NULL;
req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID);
@@ -213,7 +217,8 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req)
smb2srv_setup_bufinfo(req);
- if (p_req->chained_file_handle) {
+ flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS);
+ if ((flags & SMB2_HDR_FLAG_CHAINED) && p_req->chained_file_handle) {
memcpy(req->_chained_file_handle,
p_req->_chained_file_handle,
sizeof(req->_chained_file_handle));