summaryrefslogtreecommitdiff
path: root/source3/libsmb/clirap.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/libsmb/clirap.c')
-rw-r--r--source3/libsmb/clirap.c31
1 files changed, 26 insertions, 5 deletions
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 731ddfb8c1..96003c1640 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -1064,23 +1064,44 @@ static bool parse_streams_blob(TALLOC_CTX *mem_ctx, const uint8_t *rdata,
Send a qfileinfo QUERY_FILE_NAME_INFO call.
****************************************************************************/
-NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum, char *name,
- size_t namelen)
+NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, char **_name)
{
+ uint16_t recv_flags2;
uint8_t *rdata;
uint32_t num_rdata;
NTSTATUS status;
+ char *name = NULL;
+ uint32_t namelen;
status = cli_qfileinfo(talloc_tos(), cli, fnum,
SMB_QUERY_FILE_NAME_INFO,
- 4, cli->max_xmit, NULL,
+ 4, cli->max_xmit, &recv_flags2,
&rdata, &num_rdata);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- clistr_pull((const char *)rdata, name, rdata+4, namelen, IVAL(rdata, 0),
- STR_UNICODE);
+ namelen = IVAL(rdata, 0);
+ if (namelen > (num_rdata - 4)) {
+ TALLOC_FREE(rdata);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ clistr_pull_talloc(mem_ctx,
+ (const char *)rdata,
+ recv_flags2,
+ &name,
+ rdata + 4,
+ namelen,
+ STR_UNICODE);
+ if (name == NULL) {
+ status = map_nt_error_from_unix(errno);
+ TALLOC_FREE(rdata);
+ return status;
+ }
+
+ *_name = name;
TALLOC_FREE(rdata);
return NT_STATUS_OK;
}
generated by cgit (git 2.34.1) at 2024-07-29 05:18:25 +0000