Diffstat (limited to 'source3')
-rw-r--r--source3/include/smb.h1
-rw-r--r--source3/smbd/process.c5
-rw-r--r--source3/smbd/reply.c22
-rw-r--r--source3/smbd/sesssetup.c3
4 files changed, 12 insertions, 19 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index fdbad2a22a..d682052c63 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -631,6 +631,7 @@ struct smb_request {
uint16 vuid;
uint16 tid;
uint8 wct;
+ uint16_t buflen;
const uint8 *inbuf;
uint8 *outbuf;
size_t unread_bytes;
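Review bot: The new member is declared `uint16_t buflen;` while its neighbours in struct smb_request use the project typedefs (`uint16 vuid;`, `uint8 wct;`), and it has no comment saying what it holds or when it can be trusted. Match the surrounding spelling unless the mix is deliberate, and document the field, for example `uint16_t buflen; /* bcc taken from inbuf; validated against the packet size in init_smb_request() */`. The struct continues outside the hunk.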
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 4d415b2d27..8e1add3fb1 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -375,6 +375,7 @@ void init_smb_request(struct smb_request *req,
req->vuid = SVAL(inbuf, smb_uid);
req->tid = SVAL(inbuf, smb_tid);
req->wct = CVAL(inbuf, smb_wct);
+ req->buflen = smb_buflen(inbuf);
req->unread_bytes = unread_bytes;
req->encrypted = encrypted;
req->conn = conn_find(req->tid);
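Review bot: `req->buflen = smb_buflen(inbuf);` now runs at the top of init_smb_request, ahead of the size checks that appear in the next hunk. smb_buflen() locates the byte count through the wct byte, so if the earlier "Invalid SMB request" exit is the wct-versus-req_size test (it begins outside the visible lines), the bcc field is read at an offset that has not yet been checked against the received length. Moving the assignment to just before `/* Ensure bcc is correct. */` keeps the read behind that check. If callers already guarantee a buffer large enough for any wct, a comment stating that assumption next to the assignment would do instead.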
@@ -388,10 +389,10 @@ void init_smb_request(struct smb_request *req,
exit_server_cleanly("Invalid SMB request");
}
/* Ensure bcc is correct. */
- if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
+ if (((uint8 *)smb_buf(inbuf)) + req->buflen > inbuf + req_size) {
DEBUG(0,("init_smb_request: invalid bcc number %u "
"(wct = %u, size %u)\n",
- (unsigned int)smb_buflen(inbuf),
+ (unsigned int)req->buflen,
(unsigned int)req->wct,
(unsigned int)req_size));
exit_server_cleanly("Invalid SMB request");
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 25480c6e3b..2d7e557980 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -523,7 +523,7 @@ void reply_tcon(struct smb_request *req)
START_PROFILE(SMBtcon);
- if (smb_buflen(req->inbuf) < 4) {
+ if (req->buflen < 4) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBtcon);
return;
@@ -614,7 +614,7 @@ void reply_tcon_and_X(struct smb_request *req)
conn = NULL;
}
- if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
+ if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
reply_doserror(req, ERRDOS, ERRbuftoosmall);
END_PROFILE(SMBtconX);
return;
@@ -4562,7 +4562,6 @@ void reply_echo(struct smb_request *req)
connection_struct *conn = req->conn;
int smb_reverb;
int seq_num;
- unsigned int data_len = smb_buflen(req->inbuf);
START_PROFILE(SMBecho);
@@ -4572,20 +4571,13 @@ void reply_echo(struct smb_request *req)
return;
}
- if (data_len > BUFFER_SIZE) {
- DEBUG(0,("reply_echo: data_len too large.\n"));
- reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
- END_PROFILE(SMBecho);
- return;
- }
-
smb_reverb = SVAL(req->inbuf,smb_vwv0);
- reply_outbuf(req, 1, data_len);
+ reply_outbuf(req, 1, req->buflen);
/* copy any incoming data back out */
- if (data_len > 0) {
- memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
+ if (req->buflen > 0) {
+ memcpy(smb_buf(req->outbuf), smb_buf(req->inbuf), req->buflen);
}
if (smb_reverb > 100) {
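Review bot: With the `data_len > BUFFER_SIZE` test removed, the echoed length is bounded only by the uint16_t width of `req->buflen` and by the bcc check in init_smb_request, and nothing in reply_echo records that. A comment above `reply_outbuf(req, 1, req->buflen);` such as `/* req->buflen is a uint16_t already checked against the received packet size in init_smb_request() */` would stop a later widening of the field from silently dropping the bound. The outbuf size and the memcpy length come from the same field, which keeps them consistent. Whether reply_outbuf can fail for this size is not visible here, and the function continues outside the hunk.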
@@ -4835,7 +4827,7 @@ void reply_printwrite(struct smb_request *req)
numtowrite = SVAL(smb_buf(req->inbuf),1);
- if (smb_buflen(req->inbuf) < numtowrite + 3) {
+ if (req->buflen < numtowrite + 3) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBsplwr);
return;
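Review bot: `numtowrite = SVAL(smb_buf(req->inbuf),1);` is read before anything in the hunk establishes that the data area holds three bytes, so for a request with `req->buflen < 3` the value comes from bytes outside the declared data. The test that follows appears to reject that case, so the effect looks limited to reading stale or attacker-chosen bytes, but the order is cheap to correct by testing `req->buflen < 3` before the SVAL and keeping the existing `req->buflen < numtowrite + 3` check after it. reply_printwrite starts and ends outside the hunk, so an earlier guard may already exist.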
@@ -6746,7 +6738,7 @@ void reply_lockingX(struct smb_request *req)
release_level_2_oplocks_on_change(fsp);
- if (smb_buflen(req->inbuf) <
+ if (req->buflen <
(num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBlockingX);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index b258386121..02931e49f4 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1446,8 +1446,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
* don't get client caps. */
remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
- if ((passlen1 > MAX_PASS_LEN)
- || (passlen1 > smb_buflen(req->inbuf))) {
+ if ((passlen1 > MAX_PASS_LEN) || (passlen1 > req->buflen)) {
reply_nterror(req, nt_status_squash(
NT_STATUS_INVALID_PARAMETER));
END_PROFILE(SMBsesssetupX);
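Review bot: The bound here is `passlen1 > req->buflen`, whereas the matching test in reply_tcon_and_X in this same commit is `passlen >= req->buflen`, so a password length equal to the whole data area is accepted in one handler and rejected in the other. Either may be right depending on what must follow the password in each request, which the hunk does not show. A short comment on the condition, for instance `/* passlen1 may equal buflen: nothing is required after the password in this dialect */` if that is the case, would make the difference deliberate rather than accidental. The surrounding branch of reply_sesssetup_and_X lies outside the hunk.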