diff options
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/ipc.c | 4 | ||||
-rw-r--r-- | source3/smbd/message.c | 12 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 3 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 3 | ||||
-rw-r--r-- | source3/smbd/reply.c | 27 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 43 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 6 |
7 files changed, 65 insertions, 33 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 6b647fc72b..ce26b53e1b 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -543,8 +543,8 @@ int reply_trans(connection_struct *conn, state->one_way = BITSETW(inbuf+smb_vwv5,1); memset(state->name, '\0',sizeof(state->name)); - srvstr_pull_buf(inbuf, state->name, smb_buf(inbuf), - sizeof(state->name), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), state->name, + smb_buf(inbuf), sizeof(state->name), STR_TERMINATE); if ((dscnt > state->total_data) || (pscnt > state->total_param)) goto bad_param; diff --git a/source3/smbd/message.c b/source3/smbd/message.c index e6a5015276..f390e539b0 100644 --- a/source3/smbd/message.c +++ b/source3/smbd/message.c @@ -134,8 +134,10 @@ int reply_sends(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, outsize = set_message(inbuf,outbuf,0,0,True); p = smb_buf(inbuf)+1; - p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; - p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p, + sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p, + sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; msg = p; @@ -176,8 +178,10 @@ int reply_sendstrt(connection_struct *conn, char *inbuf,char *outbuf, int dum_si msgpos = 0; p = smb_buf(inbuf)+1; - p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; - p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p, + sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p, + sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) ); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 7e17e3b938..782c90cba1 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -382,7 +382,8 @@ static int do_ntcreate_pipe_open(connection_struct *conn, char *p = NULL; uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); - srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), fname, smb_buf(inbuf), + sizeof(fname), STR_TERMINATE); if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) { return ret; diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index aba2fe69c5..1da2f0c22f 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -65,7 +65,8 @@ int reply_open_pipe_and_X(connection_struct *conn, int i; /* XXXX we need to handle passed times, sattr and flags */ - srvstr_pull_buf(inbuf, pipe_name, smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), pipe_name, + smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE); /* If the name doesn't start \PIPE\ then this is directed */ /* at a mailslot or something we really, really don't understand, */ diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 76265ed464..ac06f2fd6d 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -218,9 +218,11 @@ size_t srvstr_get_path_wcard(char *inbuf, char *dest, const char *src, size_t de #endif if (src_len == 0) { - ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags); + ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, flags); } else { - ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags); + ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, src_len, flags); } *contains_wcard = False; @@ -255,9 +257,11 @@ size_t srvstr_get_path(char *inbuf, char *dest, const char *src, size_t dest_len #endif if (src_len == 0) { - ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags); + ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, flags); } else { - ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags); + ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src, + dest_len, src_len, flags); } if (SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) { @@ -391,10 +395,13 @@ int reply_tcon(connection_struct *conn, *service_buf = *password = *dev = 0; p = smb_buf(inbuf)+1; - p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1; - pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), service_buf, p, + sizeof(service_buf), STR_TERMINATE) + 1; + pwlen = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), password, p, + sizeof(password), STR_TERMINATE) + 1; p += pwlen; - p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1; + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dev, p, sizeof(dev), + STR_TERMINATE) + 1; p = strrchr_m(service_buf,'\\'); if (p) { @@ -478,7 +485,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt p = smb_buf(inbuf) + passlen + 1; } - p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), path, p, + sizeof(path), STR_TERMINATE); /* * the service name can be either: \\server\share @@ -495,7 +503,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt else fstrcpy(service,path); - p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII); + p += srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), client_devicetype, p, + sizeof(client_devicetype), 6, STR_ASCII); DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service)); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 22c598a654..3ed338bda7 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1057,9 +1057,12 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf, #endif p2 = inbuf + smb_vwv13 + data_blob_len; - p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE); - p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE); - p2 += srvstr_pull_buf(inbuf, primary_domain, p2, sizeof(primary_domain), STR_TERMINATE); + p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os, p2, + sizeof(native_os), STR_TERMINATE); + p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_lanman, p2, + sizeof(native_lanman), STR_TERMINATE); + p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), primary_domain, p2, + sizeof(primary_domain), STR_TERMINATE); DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n", native_os, native_lanman, primary_domain)); @@ -1283,7 +1286,9 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, plaintext_password.data[passlen1] = 0; } - srvstr_pull_buf(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), STR_TERMINATE); + srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user, + smb_buf(inbuf)+passlen1, sizeof(user), + STR_TERMINATE); *domain = 0; } else { @@ -1363,21 +1368,28 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, if (unic && (passlen2 == 0) && passlen1) { /* Only a ascii plaintext password was sent. */ - srvstr_pull(inbuf, pass, smb_buf(inbuf), sizeof(pass), - passlen1, STR_TERMINATE|STR_ASCII); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass, + smb_buf(inbuf), sizeof(pass), + passlen1, STR_TERMINATE|STR_ASCII); } else { - srvstr_pull(inbuf, pass, smb_buf(inbuf), - sizeof(pass), unic ? passlen2 : passlen1, - STR_TERMINATE); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass, + smb_buf(inbuf), sizeof(pass), + unic ? passlen2 : passlen1, + STR_TERMINATE); } plaintext_password = data_blob(pass, strlen(pass)+1); } p += passlen1 + passlen2; - p += srvstr_pull_buf(inbuf, user, p, sizeof(user), STR_TERMINATE); - p += srvstr_pull_buf(inbuf, domain, p, sizeof(domain), STR_TERMINATE); - p += srvstr_pull_buf(inbuf, native_os, p, sizeof(native_os), STR_TERMINATE); - p += srvstr_pull_buf(inbuf, native_lanman, p, sizeof(native_lanman), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user, p, + sizeof(user), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), domain, p, + sizeof(domain), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os, + p, sizeof(native_os), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), + native_lanman, p, sizeof(native_lanman), + STR_TERMINATE); /* not documented or decoded by Ethereal but there is one more string in the extra bytes which is the same as the PrimaryDomain when using @@ -1387,7 +1399,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, byte_count = SVAL(inbuf, smb_vwv13); if ( PTR_DIFF(p, save_p) < byte_count) - p += srvstr_pull_buf(inbuf, primary_domain, p, sizeof(primary_domain), STR_TERMINATE); + p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), + primary_domain, p, + sizeof(primary_domain), + STR_TERMINATE); else fstrcpy( primary_domain, "null" ); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 8d4f505e09..2219ebd1c1 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -4530,7 +4530,8 @@ static NTSTATUS smb_set_file_unix_link(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } - srvstr_pull(inbuf, link_target, pdata, sizeof(link_target), total_data, STR_TERMINATE); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), link_target, pdata, + sizeof(link_target), total_data, STR_TERMINATE); /* !widelinks forces the target path to be within the share. */ /* This means we can interpret the target as a pathname. */ @@ -6366,7 +6367,8 @@ static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, char* if(!lp_host_msdfs()) return ERROR_DOS(ERRDOS,ERRbadfunc); - srvstr_pull(inbuf, pathname, ¶ms[2], sizeof(pathname), total_params - 2, STR_TERMINATE); + srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pathname, ¶ms[2], + sizeof(pathname), total_params - 2, STR_TERMINATE); if((reply_size = setup_dfs_referral(conn, pathname,max_referral_level,ppdata,&status)) < 0) return ERROR_NT(status); |