Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/nttrans.c | 37 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 94 |
2 files changed, 63 insertions, 68 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index e20e433abc..4c17396eb4 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1143,7 +1143,7 @@ static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 secu static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { pstring fname; char *params = *ppparams; @@ -1782,7 +1782,7 @@ int reply_nttranss(connection_struct *conn, static int call_nt_transact_notify_change(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { char *setup = *ppsetup; files_struct *fsp; @@ -1818,7 +1818,7 @@ name = %s\n", fsp->fsp_name )); static int call_nt_transact_rename(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { char *params = *ppparams; pstring new_name; @@ -1885,9 +1885,8 @@ static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) static int call_nt_transact_query_security_desc(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { - uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount); char *params = *ppparams; char *data = *ppdata; prs_struct pd; 
@@ -1997,7 +1996,7 @@ security descriptor.\n")); static int call_nt_transact_set_security_desc(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { char *params= *ppparams; char *data = *ppdata; @@ -2038,7 +2037,7 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, char *inb static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { uint32 function; uint16 fidnum; @@ -2115,7 +2114,6 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou * Allocate the correct amount and return the pointer to let * it be deallocated when we return. */ - uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount); SHADOW_COPY_DATA *shadow_data = NULL; TALLOC_CTX *shadow_mem_ctx = NULL; BOOL labels = False; @@ -2288,10 +2286,9 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { NTSTATUS nt_status = NT_STATUS_OK; - uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount); char *params = *ppparams; char *pdata = *ppdata; char *entry; 
@@ -2538,7 +2535,7 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, static int call_nt_transact_set_user_quota(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, char **ppsetup, uint32 setup_count, char **ppparams, uint32 parameter_count, - char **ppdata, uint32 data_count) + char **ppdata, uint32 data_count, uint32 max_data_count) { char *params = *ppparams; char *pdata = *ppdata; @@ -2657,10 +2654,10 @@ int reply_nttrans(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize) { int outsize = 0; + uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount); #if 0 /* Not used. */ uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount); uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount); - uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount); #endif /* Not used. */ uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount); uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount); @@ -2871,7 +2868,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_create); break; case NT_TRANSACT_IOCTL: @@ -2880,7 +2877,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_ioctl); break; case NT_TRANSACT_SET_SECURITY_DESC: @@ -2889,7 +2886,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_set_security_desc); break; case NT_TRANSACT_NOTIFY_CHANGE: 
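Review bot: In the reply_nttrans hunk, `max_data_count` is read once with `IVAL(inbuf,smb_nt_MaxDataCount)` and handed unchanged to every call_nt_transact_* handler, so a full 32-bit client-chosen value reaches all of them with no bound applied at the one place where a bound would now be cheap. The removed local reads show that query_security_desc, ioctl (inside the block whose comment speaks of allocating "the correct amount") and get_user_quota consume it. Their bodies lie outside these hunks, so whether each one caps the value before sizing a reply could not be checked here. I would at least mark it as untrusted at the declaration, e.g. `/* Client-advertised reply limit, untrusted: an upper bound on what we send, never an allocation size. */`, and consider clamping it there to the server's own reply-size limit. The handlers that gain the parameter without a visible use (create, notify_change, rename, set_security_desc, set_user_quota) could say so in their header comments.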
@@ -2898,7 +2895,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_notify_change); break; case NT_TRANSACT_RENAME: @@ -2907,7 +2904,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_rename); break; @@ -2917,7 +2914,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_query_security_desc); break; #ifdef HAVE_SYS_QUOTAS @@ -2927,7 +2924,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_get_user_quota); break; case NT_TRANSACT_SET_USER_QUOTA: @@ -2936,7 +2933,7 @@ due to being in oplock break state.\n", (unsigned int)function_code )); length, bufsize, &setup, setup_count, ¶ms, total_parameter_count, - &data, total_data_count); + &data, total_data_count, max_data_count); END_PROFILE_NESTED(NT_transact_set_user_quota); break; #endif /* HAVE_SYS_QUOTAS */ diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index ca2c8a060d..b61839df07 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
@@ -584,7 +584,8 @@ static int send_trans2_replies(char *outbuf, ****************************************************************************/ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { char *params = *pparams; int16 open_mode; @@ -1317,14 +1318,14 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn, ****************************************************************************/ static int call_trans2findfirst(connection_struct *conn, char *inbuf, char *outbuf, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { /* We must be careful here that we don't return more than the allowed number of data bytes. If this means returning fewer than maxentries then so be it. We assume that the redirector has enough room for the fixed number of parameter bytes it has requested. */ - uint32 max_data_bytes = SVAL(inbuf, smb_mdrcnt); char *params = *pparams; char *pdata = *ppdata; int dirtype = SVAL(params,0); 
@@ -1542,14 +1543,14 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", ****************************************************************************/ static int call_trans2findnext(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { /* We must be careful here that we don't return more than the allowed number of data bytes. If this means returning fewer than maxentries then so be it. We assume that the redirector has enough room for the fixed number of parameter bytes it has requested. */ - int max_data_bytes = SVAL(inbuf, smb_mdrcnt); char *params = *pparams; char *pdata = *ppdata; int dptr_num = SVAL(params,0); @@ -1809,11 +1810,10 @@ resume_key = %d resume name = %s continue=%d level = %d\n", Reply to a TRANS2_QFSINFO (query filesystem info). ****************************************************************************/ -static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf, - int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { - int max_data_bytes = SVAL(inbuf, smb_mdrcnt); char *pdata = *ppdata; char *params = *pparams; uint16 info_level = SVAL(params,0); 
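Review bot: Moving `max_data_bytes` into the signature changes its type from `int` to `unsigned int` in call_trans2findnext and call_trans2qfsinfo here, and in call_trans2qfilepathinfo further down (call_trans2findfirst was already `uint32`). The value still comes from a 16-bit `SVAL`, so its range is unchanged, but expressions in the bodies that mix it with signed lengths are now evaluated as unsigned, and a test that relied on a negative intermediate result can change outcome. The bodies continue outside these hunks, and the comment kept in the findnext hunk ("don't return more than the allowed number of data bytes") marks this as the bound that matters. Please audit those comparisons and subtractions, or preserve the old arithmetic with a signed local such as `int data_limit = (int)max_data_bytes;` (name constructed for illustration). The DEBUG format string visible in the hunk header context still prints the value with `%d`; `%u` would match the new type.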
@@ -2117,9 +2117,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned Reply to a TRANS2_SETFSINFO (set filesystem info). ****************************************************************************/ -static int call_trans2setfsinfo(connection_struct *conn, - char *inbuf, char *outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2setfsinfo(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { char *pdata = *ppdata; char *params = *pparams; @@ -2250,12 +2250,10 @@ int set_bad_path_error(int err, BOOL bad_path, char *outbuf, int def_class, uint file name or file id). ****************************************************************************/ -static int call_trans2qfilepathinfo(connection_struct *conn, - char *inbuf, char *outbuf, int length, - int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2qfilepathinfo(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { - int max_data_bytes = SVAL(inbuf, smb_mdrcnt); char *params = *pparams; char *pdata = *ppdata; uint16 tran_call = SVAL(inbuf, smb_setup0); 
@@ -2983,9 +2981,9 @@ NTSTATUS hardlink_internals(connection_struct *conn, char *oldname, char *newnam Reply to a TRANS2_SETFILEINFO (set file info by fileid). ****************************************************************************/ -static int call_trans2setfilepathinfo(connection_struct *conn, - char *inbuf, char *outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { char *params = *pparams; char *pdata = *ppdata; @@ -3735,9 +3733,9 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n", Reply to a TRANS2_MKDIR (make directory with extended attributes). ****************************************************************************/ -static int call_trans2mkdir(connection_struct *conn, - char *inbuf, char *outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { char *params = *pparams; pstring directory; 
@@ -3789,9 +3787,9 @@ static int call_trans2mkdir(connection_struct *conn, We don't actually do this - we just send a null response. ****************************************************************************/ -static int call_trans2findnotifyfirst(connection_struct *conn, - char *inbuf, char *outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2findnotifyfirst(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { static uint16 fnf_handle = 257; char *params = *pparams; @@ -3836,9 +3834,9 @@ static int call_trans2findnotifyfirst(connection_struct *conn, changes). Currently this does nothing. ****************************************************************************/ -static int call_trans2findnotifynext(connection_struct *conn, - char *inbuf, char *outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2findnotifynext(connection_struct *conn, char *inbuf, char *outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { char *params = *pparams; @@ -3862,9 +3860,9 @@ static int call_trans2findnotifynext(connection_struct *conn, Reply to a TRANS2_GET_DFS_REFERRAL - Shirish Kalele <kalele@veritas.com>. ****************************************************************************/ -static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, - char* outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, char* outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { char *params = *pparams; pstring pathname; 
@@ -3898,9 +3896,9 @@ static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, Reply to a TRANS2_IOCTL - used for OS/2 printing. ****************************************************************************/ -static int call_trans2ioctl(connection_struct *conn, char* inbuf, - char* outbuf, int length, int bufsize, - char **pparams, int total_params, char **ppdata, int total_data) +static int call_trans2ioctl(connection_struct *conn, char* inbuf, char* outbuf, int length, int bufsize, + char **pparams, int total_params, char **ppdata, int total_data, + unsigned int max_data_bytes) { char *pdata = *ppdata; files_struct *fsp = file_fsp(inbuf,smb_vwv15); @@ -4004,9 +4002,9 @@ int reply_trans2(connection_struct *conn, int outsize = 0; unsigned int total_params = SVAL(inbuf, smb_tpscnt); unsigned int total_data =SVAL(inbuf, smb_tdscnt); + unsigned int max_data_bytes = SVAL(inbuf, smb_mdrcnt); #if 0 unsigned int max_param_reply = SVAL(inbuf, smb_mprcnt); - unsigned int max_data_reply = SVAL(inbuf, smb_mdrcnt); unsigned int max_setup_fields = SVAL(inbuf, smb_msrcnt); BOOL close_tid = BITSETW(inbuf+smb_flags,0); BOOL no_final_response = BITSETW(inbuf+smb_flags,1); 
@@ -4204,28 +4202,28 @@ int reply_trans2(connection_struct *conn, case TRANSACT2_OPEN: START_PROFILE_NESTED(Trans2_open); outsize = call_trans2open(conn, inbuf, outbuf, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_open); break; case TRANSACT2_FINDFIRST: START_PROFILE_NESTED(Trans2_findfirst); outsize = call_trans2findfirst(conn, inbuf, outbuf, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_findfirst); break; case TRANSACT2_FINDNEXT: START_PROFILE_NESTED(Trans2_findnext); outsize = call_trans2findnext(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_findnext); break; case TRANSACT2_QFSINFO: START_PROFILE_NESTED(Trans2_qfsinfo); outsize = call_trans2qfsinfo(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_qfsinfo); break; @@ -4233,7 +4231,7 @@ int reply_trans2(connection_struct *conn, case TRANSACT2_SETFSINFO: START_PROFILE_NESTED(Trans2_setfsinfo); outsize = call_trans2setfsinfo(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_setfsinfo); break; #endif 
@@ -4241,47 +4239,47 @@ int reply_trans2(connection_struct *conn, case TRANSACT2_QFILEINFO: START_PROFILE_NESTED(Trans2_qpathinfo); outsize = call_trans2qfilepathinfo(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_qpathinfo); break; case TRANSACT2_SETPATHINFO: case TRANSACT2_SETFILEINFO: START_PROFILE_NESTED(Trans2_setpathinfo); outsize = call_trans2setfilepathinfo(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_setpathinfo); break; case TRANSACT2_FINDNOTIFYFIRST: START_PROFILE_NESTED(Trans2_findnotifyfirst); outsize = call_trans2findnotifyfirst(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_findnotifyfirst); break; case TRANSACT2_FINDNOTIFYNEXT: START_PROFILE_NESTED(Trans2_findnotifynext); outsize = call_trans2findnotifynext(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_findnotifynext); break; case TRANSACT2_MKDIR: START_PROFILE_NESTED(Trans2_mkdir); outsize = call_trans2mkdir(conn, inbuf, outbuf, length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_mkdir); break; case TRANSACT2_GET_DFS_REFERRAL: START_PROFILE_NESTED(Trans2_get_dfs_referral); outsize = call_trans2getdfsreferral(conn,inbuf,outbuf,length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_get_dfs_referral); break; case TRANSACT2_IOCTL: START_PROFILE_NESTED(Trans2_ioctl); outsize = call_trans2ioctl(conn,inbuf,outbuf,length, bufsize, - ¶ms, total_params, &data, total_data); + ¶ms, 
total_params, &data, total_data, max_data_bytes); END_PROFILE_NESTED(Trans2_ioctl); break; default: |