From 62c78742c48c90d3a0256305a9e8c1c92b94c648 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 12 Sep 2006 02:26:32 +0000 Subject: r18413: Based on the new torture test I added in samba4 it turns out the flags determines what kind of share is this. I suppose 0x80000000 means something like (legacy) as it will fail for any share name longer then 13 chars (same size accepted for old RAP calls that come from pre NT OSs. Jerry, let me know if you want me to commit this to 3_0_23 Simo. (This used to be commit f09f8b2d820b10679f3e9cf80749da0a35f5ce6a) --- source3/rpc_server/srv_srvsvc_nt.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 3e79b420a9..c65401f1c4 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2221,11 +2221,28 @@ WERROR _srv_net_disk_enum(pipes_struct *p, SRV_Q_NET_DISK_ENUM *q_u, SRV_R_NET_D WERROR _srv_net_name_validate(pipes_struct *p, SRV_Q_NET_NAME_VALIDATE *q_u, SRV_R_NET_NAME_VALIDATE *r_u) { fstring sharename; + int len; + + if ((q_u->flags != 0x0) && (q_u->flags != 0x80000000)) { + return WERR_INVALID_PARAM; + } switch ( q_u->type ) { case 0x9: rpcstr_pull(sharename, q_u->sharename.buffer, sizeof(sharename), q_u->sharename.uni_str_len*2, 0); - if ( !validate_net_name( sharename, INVALID_SHARENAME_CHARS, sizeof(sharename) ) ) { + + len = strlen_m(sharename); + + if ((q_u->flags == 0x0) && (len > 81)) { + DEBUG(5,("_srv_net_name_validate: share name too long (%s > 81 chars)\n", sharename)); + return WERR_INVALID_NAME; + } + if ((q_u->flags == 0x80000000) && (len > 13)) { + DEBUG(5,("_srv_net_name_validate: share name too long (%s > 13 chars)\n", sharename)); + return WERR_INVALID_NAME; + } + + if ( ! validate_net_name( sharename, INVALID_SHARENAME_CHARS, sizeof(sharename) ) ) { DEBUG(5,("_srv_net_name_validate: Bad sharename \"%s\"\n", sharename)); return WERR_INVALID_NAME; } -- cgit