summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/include/safe_string.h12
-rw-r--r--source3/libsmb/cliconnect.c38
-rw-r--r--source3/libsmb/clidfs.c7
-rw-r--r--source3/libsmb/clifile.c10
-rw-r--r--source3/libsmb/clifsinfo.c6
-rw-r--r--source3/libsmb/clilist.c10
-rw-r--r--source3/libsmb/clirap.c6
-rw-r--r--source3/libsmb/clistr.c12
-rw-r--r--source3/smbd/process.c12
10 files changed, 75 insertions, 42 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 1414ba89ec..8838419705 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2825,7 +2825,7 @@ size_t clistr_push_fn(const char *function,
int flags);
size_t clistr_pull_fn(const char *function,
unsigned int line,
- struct cli_state *cli,
+ const char *inbuf,
char *dest,
const void *src,
int dest_len,
@@ -2834,7 +2834,7 @@ size_t clistr_pull_fn(const char *function,
size_t clistr_pull_talloc_fn(const char *function,
unsigned int line,
TALLOC_CTX *ctx,
- struct cli_state *cli,
+ const char *inbuf,
char **pp_dest,
const void *src,
int src_len,
diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h
index c030acf8fd..a7230964c9 100644
--- a/source3/include/safe_string.h
+++ b/source3/include/safe_string.h
@@ -146,13 +146,13 @@ size_t __unsafe_string_function_usage_here_char__(void);
clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \
cli, dest, src, dest_len, flags)
-#define clistr_pull(cli, dest, src, dest_len, src_len, flags) \
+#define clistr_pull(inbuf, dest, src, dest_len, src_len, flags) \
clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \
- cli, dest, src, dest_len, src_len, flags)
+ inbuf, dest, src, dest_len, src_len, flags)
-#define clistr_pull_talloc(ctx, cli, pp_dest, src, src_len, flags) \
+#define clistr_pull_talloc(ctx, inbuf, pp_dest, src, src_len, flags) \
clistr_pull_talloc_fn(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \
- ctx, cli, pp_dest, src, src_len, flags)
+ ctx, inbuf, pp_dest, src, src_len, flags)
#define srvstr_push(base_ptr, smb_flags2, dest, src, dest_len, flags) \
srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, \
@@ -200,10 +200,10 @@ size_t __unsafe_string_function_usage_here_char__(void);
? __unsafe_string_function_usage_here_size_t__() \
: clistr_push_fn(fn_name, fn_line, cli, dest, src, dest_len, flags))
-#define clistr_pull_fn2(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags) \
+#define clistr_pull_fn2(fn_name, fn_line, inbuf, dest, src, dest_len, srclen, flags) \
(CHECK_STRING_SIZE(dest, dest_len) \
? __unsafe_string_function_usage_here_size_t__() \
- : clistr_pull_fn(fn_name, fn_line, cli, dest, src, dest_len, srclen, flags))
+ : clistr_pull_fn(fn_name, fn_line, inbuf, dest, src, dest_len, srclen, flags))
#define srvstr_push_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, flags) \
(CHECK_STRING_SIZE(dest, dest_len) \
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 9e4266de5a..bc690f2e02 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -199,9 +199,12 @@ static NTSTATUS cli_session_setup_guest(struct cli_state *cli)
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+ -1, STR_TERMINATE);
if (strstr(cli->server_type, "Samba")) {
cli->is_samba = True;
@@ -276,9 +279,12 @@ static NTSTATUS cli_session_setup_plaintext(struct cli_state *cli,
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+ -1, STR_TERMINATE);
fstrcpy(cli->user_name, user);
if (strstr(cli->server_type, "Samba")) {
@@ -426,9 +432,12 @@ static NTSTATUS cli_session_setup_nt1(struct cli_state *cli, const char *user,
cli->vuid = SVAL(cli->inbuf,smb_uid);
p = smb_buf(cli->inbuf);
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), -1, STR_TERMINATE);
- p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_domain, p, sizeof(fstring),
+ -1, STR_TERMINATE);
if (strstr(cli->server_type, "Samba")) {
cli->is_samba = True;
@@ -512,11 +521,13 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3));
p += blob2.length;
- p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
+ p += clistr_pull(cli->inbuf, cli->server_os, p, sizeof(fstring),
+ -1, STR_TERMINATE);
/* w2k with kerberos doesn't properly null terminate this field */
len = smb_bufrem(cli->inbuf, p);
- p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
+ p += clistr_pull(cli->inbuf, cli->server_type, p, sizeof(fstring),
+ len, 0);
return blob2;
}
@@ -1178,7 +1189,8 @@ bool cli_send_tconX(struct cli_state *cli,
if (cli_is_error(cli))
return False;
- clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE|STR_ASCII);
+ clistr_pull(cli->inbuf, cli->dev, smb_buf(cli->inbuf), sizeof(fstring),
+ -1, STR_TERMINATE|STR_ASCII);
if (cli->protocol >= PROTOCOL_NT1 &&
smb_buflen(cli->inbuf) == 3) {
@@ -1350,7 +1362,7 @@ NTSTATUS cli_negprot_recv(struct async_req *req)
/* work out if they sent us a workgroup */
if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
smb_buflen(cli->inbuf) > 8) {
- clistr_pull(cli, cli->server_domain,
+ clistr_pull(cli->inbuf, cli->server_domain,
bytes+8, sizeof(cli->server_domain),
num_bytes-8,
STR_UNICODE|STR_NOALIGN);
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index d649c504b7..f853e4e670 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -785,9 +785,10 @@ bool cli_dfs_get_referral(TALLOC_CTX *ctx,
if (p + node_offset > endp) {
goto out;
}
- clistr_pull_talloc(ctx, cli, &referrals[i].dfspath,
- p+node_offset, -1,
- STR_TERMINATE|STR_UNICODE );
+ clistr_pull_talloc(ctx, cli->inbuf,
+ &referrals[i].dfspath,
+ p+node_offset, -1,
+ STR_TERMINATE|STR_UNICODE);
if (!referrals[i].dfspath) {
goto out;
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 7c75826414..02cd2108bf 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -783,10 +783,15 @@ int cli_nt_create(struct cli_state *cli, const char *fname, uint32 DesiredAccess
uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2, const char *str)
{
- size_t buflen = talloc_get_size(buf);
+ size_t buflen;
char *converted;
size_t converted_size;
+ if (buf == NULL) {
+ return NULL;
+ }
+
+ buflen = talloc_get_size(buf);
/*
* We're pushing into an SMB buffer, align odd
*/
@@ -809,6 +814,7 @@ uint8_t *smb_bytes_push_str(uint8_t *buf, bool ucs2, const char *str)
buf = TALLOC_REALLOC_ARRAY(NULL, buf, uint8_t,
buflen + converted_size);
if (buf == NULL) {
+ TALLOC_FREE(converted);
return NULL;
}
@@ -1745,7 +1751,7 @@ int cli_ctemp(struct cli_state *cli, const char *path, char **tmp_path)
if (!path2) {
return -1;
}
- clistr_pull(cli, path2, p,
+ clistr_pull(cli->inbuf, path2, p,
len+1, len, STR_ASCII);
*tmp_path = path2;
}
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 5e73b61cd2..77290d2df9 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -229,7 +229,8 @@ bool cli_get_fs_volume_info_old(struct cli_state *cli, fstring volume_name, uint
*pserial_number = IVAL(rdata,0);
}
nlen = CVAL(rdata,l2_vol_cch);
- clistr_pull(cli, volume_name, rdata + l2_vol_szVolLabel, sizeof(fstring), nlen, STR_NOALIGN);
+ clistr_pull(cli->inbuf, volume_name, rdata + l2_vol_szVolLabel,
+ sizeof(fstring), nlen, STR_NOALIGN);
/* todo: but not yet needed
* return the other stuff
@@ -290,7 +291,8 @@ bool cli_get_fs_volume_info(struct cli_state *cli, fstring volume_name, uint32 *
*pserial_number = IVAL(rdata,8);
}
nlen = IVAL(rdata,12);
- clistr_pull(cli, volume_name, rdata + 18, sizeof(fstring), nlen, STR_UNICODE);
+ clistr_pull(cli->inbuf, volume_name, rdata + 18, sizeof(fstring),
+ nlen, STR_UNICODE);
/* todo: but not yet needed
* return the other stuff
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index 1431b804b0..e604725493 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -98,7 +98,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
between win2000 and win9x for this call
(tridge) */
ret = clistr_pull_talloc(ctx,
- cli,
+ cli->inbuf,
&finfo->name,
p,
len+2,
@@ -127,7 +127,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
return pdata_end - base;
}
ret = clistr_pull_talloc(ctx,
- cli,
+ cli->inbuf,
&finfo->name,
p,
len,
@@ -179,7 +179,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
/* stupid NT bugs. grr */
int flags = 0;
if (p[1] == 0 && namelen > 1) flags |= STR_UNICODE;
- clistr_pull(cli, finfo->short_name, p,
+ clistr_pull(cli->inbuf, finfo->short_name, p,
sizeof(finfo->short_name),
slen, flags);
}
@@ -188,7 +188,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
return pdata_end - base;
}
ret = clistr_pull_talloc(ctx,
- cli,
+ cli->inbuf,
&finfo->name,
p,
namelen,
@@ -514,7 +514,7 @@ static bool interpret_short_filename(TALLOC_CTX *ctx,
finfo->mtime_ts.tv_nsec = finfo->atime_ts.tv_nsec = 0;
finfo->size = IVAL(p,26);
ret = clistr_pull_talloc(ctx,
- cli,
+ cli->inbuf,
&finfo->name,
p+30,
12,
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 1656d9eb1c..3f95e77aee 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -952,7 +952,8 @@ bool cli_qfilename(struct cli_state *cli, int fnum, char *name, size_t namelen)
return False;
}
- clistr_pull(cli, name, rdata+4, namelen, IVAL(rdata, 0), STR_UNICODE);
+ clistr_pull(cli->inbuf, name, rdata+4, namelen, IVAL(rdata, 0),
+ STR_UNICODE);
SAFE_FREE(rparam);
SAFE_FREE(rdata);
@@ -1232,7 +1233,8 @@ NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstrin
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- clistr_pull(cli, alt_name, rdata+4, sizeof(fstring), len, STR_UNICODE);
+ clistr_pull(cli->inbuf, alt_name, rdata+4, sizeof(fstring), len,
+ STR_UNICODE);
SAFE_FREE(rdata);
SAFE_FREE(rparam);
diff --git a/source3/libsmb/clistr.c b/source3/libsmb/clistr.c
index 5d20d632aa..8685781404 100644
--- a/source3/libsmb/clistr.c
+++ b/source3/libsmb/clistr.c
@@ -51,22 +51,22 @@ size_t clistr_push_fn(const char *function,
size_t clistr_pull_fn(const char *function,
unsigned int line,
- struct cli_state *cli,
+ const char *inbuf,
char *dest,
const void *src,
int dest_len,
int src_len,
int flags)
{
- return pull_string_fn(function, line, cli->inbuf,
- SVAL(cli->inbuf, smb_flg2), dest, src, dest_len,
+ return pull_string_fn(function, line, inbuf,
+ SVAL(inbuf, smb_flg2), dest, src, dest_len,
src_len, flags);
}
size_t clistr_pull_talloc_fn(const char *function,
unsigned int line,
TALLOC_CTX *ctx,
- struct cli_state *cli,
+ const char *inbuf,
char **pp_dest,
const void *src,
int src_len,
@@ -75,8 +75,8 @@ size_t clistr_pull_talloc_fn(const char *function,
return pull_string_talloc_fn(function,
line,
ctx,
- cli->inbuf,
- SVAL(cli->inbuf, smb_flg2),
+ inbuf,
+ SVAL(inbuf, smb_flg2),
pp_dest,
src,
src_len,
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index dc038b6b95..a025bb4197 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1640,8 +1640,18 @@ void chain_reply(struct smb_request *req)
/*
* In req->chain_outbuf we collect all the replies. Start the
* chain by copying in the first reply.
+ *
+ * We do the realloc because later on we depend on
+ * talloc_get_size to determine the length of
+ * chain_outbuf. The reply_xxx routines might have
+ * over-allocated (reply_pipe_read_and_X used to be such an
+ * example).
*/
- req->chain_outbuf = req->outbuf;
+ req->chain_outbuf = TALLOC_REALLOC_ARRAY(
+ req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
+ if (req->chain_outbuf == NULL) {
+ goto error;
+ }
req->outbuf = NULL;
} else {
if (!smb_splice_chain(&req->chain_outbuf,