diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 4 | ||||
-rw-r--r-- | source3/include/safe_string.h | 12 | ||||
-rw-r--r-- | source3/libsmb/cliconnect.c | 38 | ||||
-rw-r--r-- | source3/libsmb/clidfs.c | 7 | ||||
-rw-r--r-- | source3/libsmb/clifile.c | 10 | ||||
-rw-r--r-- | source3/libsmb/clifsinfo.c | 6 | ||||
-rw-r--r-- | source3/libsmb/clilist.c | 10 | ||||
-rw-r--r-- | source3/libsmb/clirap.c | 6 | ||||
-rw-r--r-- | source3/libsmb/clistr.c | 12 | ||||
-rw-r--r-- | source3/smbd/process.c | 12 |
10 files changed, 75 insertions, 42 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 1414ba89ec..8838419705 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2825,7 +2825,7 @@ size_t clistr_push_fn(const char *function, int flags); size_t clistr_pull_fn(const char *function, unsigned int line, - struct cli_state *cli, + const char *inbuf, char *dest, const void *src, int dest_len, @@ -2834,7 +2834,7 @@ size_t clistr_pull_fn(const char *function, size_t clistr_pull_talloc_fn(const char *function, unsigned int line, TALLOC_CTX *ctx, - struct cli_state *cli, + const char *inbuf, char **pp_dest, const void *src, int src_len, diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h index c030acf8fd..a7230964c9 100644 --- a/source3/include/safe_string.h +++ b/source3/include/safe_string.h @@ -146,13 +146,13 @@ size_t __unsafe_string_function_usage_here_char__(void); clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ cli, dest, src, dest_len, flags) -#define clistr_pull(cli, dest, src, dest_len, src_len, flags) \ +#define clistr_pull(inbuf, dest, src, dest_len, src_len, flags) \ clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - cli, dest, src, dest_len, src_len, flags) + inbuf, dest, src, dest_len, src_len, flags) -#define clistr_pull_talloc(ctx, cli, pp_dest, src, src_len, flags) \ +#define clistr_pull_talloc(ctx, inbuf, pp_dest, src, src_len, flags) \ clistr_pull_talloc_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ - ctx, cli, pp_dest, src, src_len, flags) + ctx, inbuf, pp_dest, src, src_len, flags) #define srvstr_push(base_ptr, smb_flags2, dest, src, dest_len, flags) \ srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \ @@ -200,10 +200,10 @@ size_t __unsafe_string_function_usage_here_char__(void); ? __unsafe_string_function_usage_here_size_t__() \ : clistr_push_fn(fn_name, fn_line, cli, dest, src, dest_len, flags)) -#define clistr_pull_fn2(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags) \ +#define clistr_pull_fn2(fn_name, fn_line, inbuf, dest, src, dest_len, srclen, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ ? __unsafe_string_function_usage_here_size_t__() \ - : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags)) + : clistr_pull_fn(fn_name, fn_line, inbuf, dest, src, dest_len, srclen, flags)) #define srvstr_push_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, flags) \ (CHECK_STRING_SIZE(dest, dest_len) \ diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 9e4266de5a..bc690f2e02 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -199,9 +199,12 @@ static NTSTATUS cli_session_setup_guest(struct cli_state *cli) cli->vuid = SVAL(cli->inbuf,smb_uid); p = smb_buf(cli->inbuf); - p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE); - p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE); - p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring), + -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring), + -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring), + -1, STR_TERMINATE); if (strstr(cli->server_type, "Samba")) { cli->is_samba = True; @@ -276,9 +279,12 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli, cli->vuid = SVAL(cli->inbuf,smb_uid); p = smb_buf(cli->inbuf); - p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE); - p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE); - p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring), + -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring), + -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring), + -1, STR_TERMINATE); fstrcpy(cli->user_name, user); if (strstr(cli->server_type, "Samba")) { @@ -426,9 +432,12 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user, cli->vuid = SVAL(cli->inbuf,smb_uid); p = smb_buf(cli->inbuf); - p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE); - p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE); - p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring), + -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring), + -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring), + -1, STR_TERMINATE); if (strstr(cli->server_type, "Samba")) { cli->is_samba = True; @@ -512,11 +521,13 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli) blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3)); p += blob2.length; - p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE); + p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring), + -1, STR_TERMINATE); /* w2k with kerberos doesn't properly null terminate this field */ len = smb_bufrem(cli->inbuf, p); - p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0); + p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring), + len, 0); return blob2; } @@ -1178,7 +1189,8 @@ bool cli_send_tconX(struct cli_state *cli, if (cli_is_error(cli)) return False; - clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII); + clistr_pull(cli->inbuf, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), + -1, STR_TERMINATE|STR_ASCII); if (cli->protocol >= PROTOCOL_NT1 && smb_buflen(cli->inbuf) == 3) { @@ -1350,7 +1362,7 @@ NTSTATUS cli_negprot_recv(struct async_req *req) /* work out if they sent us a workgroup */ if (!(cli->capabilities & CAP_EXTENDED_SECURITY) && smb_buflen(cli->inbuf) > 8) { - clistr_pull(cli, cli->server_domain, + clistr_pull(cli->inbuf, cli->server_domain, bytes+8, sizeof(cli->server_domain), num_bytes-8, STR_UNICODE|STR_NOALIGN); diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index d649c504b7..f853e4e670 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -785,9 +785,10 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx, if (p + node_offset > endp) { goto out; } - clistr_pull_talloc(ctx, cli, &referrals[i].dfspath, - p+node_offset, -1, - STR_TERMINATE|STR_UNICODE ); + clistr_pull_talloc(ctx, cli->inbuf, + &referrals[i].dfspath, + p+node_offset, -1, + STR_TERMINATE|STR_UNICODE); if (!referrals[i].dfspath) { goto out; diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 7c75826414..02cd2108bf 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -783,10 +783,15 @@ int cli_nt_create(struct cli_state *cli, const char *fname, uint32 DesiredAccess uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2, const char *str) { - size_t buflen = talloc_get_size(buf); + size_t buflen; char *converted; size_t converted_size; + if (buf == NULL) { + return NULL; + } + + buflen = talloc_get_size(buf); /* * We're pushing into an SMB buffer, align odd */ @@ -809,6 +814,7 @@ uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2, const char *str) buf = TALLOC_REALLOC_ARRAY(NULL, buf, uint8_t, buflen + converted_size); if (buf == NULL) { + TALLOC_FREE(converted); return NULL; } @@ -1745,7 +1751,7 @@ int cli_ctemp(struct cli_state *cli, const char *path, char **tmp_path) if (!path2) { return -1; } - clistr_pull(cli, path2, p, + clistr_pull(cli->inbuf, path2, p, len+1, len, STR_ASCII); *tmp_path = path2; } diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index 5e73b61cd2..77290d2df9 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -229,7 +229,8 @@ bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint *pserial_number = IVAL(rdata,0); } nlen = CVAL(rdata,l2_vol_cch); - clistr_pull(cli, volume_name, rdata + l2_vol_szVolLabel, sizeof(fstring), nlen, STR_NOALIGN); + clistr_pull(cli->inbuf, volume_name, rdata + l2_vol_szVolLabel, + sizeof(fstring), nlen, STR_NOALIGN); /* todo: but not yet needed * return the other stuff @@ -290,7 +291,8 @@ bool cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 * *pserial_number = IVAL(rdata,8); } nlen = IVAL(rdata,12); - clistr_pull(cli, volume_name, rdata + 18, sizeof(fstring), nlen, STR_UNICODE); + clistr_pull(cli->inbuf, volume_name, rdata + 18, sizeof(fstring), + nlen, STR_UNICODE); /* todo: but not yet needed * return the other stuff diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index 1431b804b0..e604725493 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -98,7 +98,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx, between win2000 and win9x for this call (tridge) */ ret = clistr_pull_talloc(ctx, - cli, + cli->inbuf, &finfo->name, p, len+2, @@ -127,7 +127,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx, return pdata_end - base; } ret = clistr_pull_talloc(ctx, - cli, + cli->inbuf, &finfo->name, p, len, @@ -179,7 +179,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx, /* stupid NT bugs. grr */ int flags = 0; if (p[1] == 0 && namelen > 1) flags |= STR_UNICODE; - clistr_pull(cli, finfo->short_name, p, + clistr_pull(cli->inbuf, finfo->short_name, p, sizeof(finfo->short_name), slen, flags); } @@ -188,7 +188,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx, return pdata_end - base; } ret = clistr_pull_talloc(ctx, - cli, + cli->inbuf, &finfo->name, p, namelen, @@ -514,7 +514,7 @@ static bool interpret_short_filename(TALLOC_CTX *ctx, finfo->mtime_ts.tv_nsec = finfo->atime_ts.tv_nsec = 0; finfo->size = IVAL(p,26); ret = clistr_pull_talloc(ctx, - cli, + cli->inbuf, &finfo->name, p+30, 12, diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index 1656d9eb1c..3f95e77aee 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -952,7 +952,8 @@ bool cli_qfilename(struct cli_state *cli, int fnum, char *name, size_t namelen) return False; } - clistr_pull(cli, name, rdata+4, namelen, IVAL(rdata, 0), STR_UNICODE); + clistr_pull(cli->inbuf, name, rdata+4, namelen, IVAL(rdata, 0), + STR_UNICODE); SAFE_FREE(rparam); SAFE_FREE(rdata); @@ -1232,7 +1233,8 @@ NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstrin return NT_STATUS_INVALID_NETWORK_RESPONSE; } - clistr_pull(cli, alt_name, rdata+4, sizeof(fstring), len, STR_UNICODE); + clistr_pull(cli->inbuf, alt_name, rdata+4, sizeof(fstring), len, + STR_UNICODE); SAFE_FREE(rdata); SAFE_FREE(rparam); diff --git a/source3/libsmb/clistr.c b/source3/libsmb/clistr.c index 5d20d632aa..8685781404 100644 --- a/source3/libsmb/clistr.c +++ b/source3/libsmb/clistr.c @@ -51,22 +51,22 @@ size_t clistr_push_fn(const char *function, size_t clistr_pull_fn(const char *function, unsigned int line, - struct cli_state *cli, + const char *inbuf, char *dest, const void *src, int dest_len, int src_len, int flags) { - return pull_string_fn(function, line, cli->inbuf, - SVAL(cli->inbuf, smb_flg2), dest, src, dest_len, + return pull_string_fn(function, line, inbuf, + SVAL(inbuf, smb_flg2), dest, src, dest_len, src_len, flags); } size_t clistr_pull_talloc_fn(const char *function, unsigned int line, TALLOC_CTX *ctx, - struct cli_state *cli, + const char *inbuf, char **pp_dest, const void *src, int src_len, @@ -75,8 +75,8 @@ size_t clistr_pull_talloc_fn(const char *function, return pull_string_talloc_fn(function, line, ctx, - cli->inbuf, - SVAL(cli->inbuf, smb_flg2), + inbuf, + SVAL(inbuf, smb_flg2), pp_dest, src, src_len, diff --git a/source3/smbd/process.c b/source3/smbd/process.c index dc038b6b95..a025bb4197 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1640,8 +1640,18 @@ void chain_reply(struct smb_request *req) /* * In req->chain_outbuf we collect all the replies. Start the * chain by copying in the first reply. + * + * We do the realloc because later on we depend on + * talloc_get_size to determine the length of + * chain_outbuf. The reply_xxx routines might have + * over-allocated (reply_pipe_read_and_X used to be such an + * example). */ - req->chain_outbuf = req->outbuf; + req->chain_outbuf = TALLOC_REALLOC_ARRAY( + req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4); + if (req->chain_outbuf == NULL) { + goto error; + } req->outbuf = NULL; } else { if (!smb_splice_chain(&req->chain_outbuf, |