From 5987c8269779ca2a7207c37a94b0e841a380d7d1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 16 Jan 2009 17:31:56 +0100 Subject: Always check the max send sizein rpc_api_pipe, not just with DEVELOPER --- source3/rpc_client/cli_pipe.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'source3/rpc_client/cli_pipe.c') diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index d0411e5422..d6f18846b1 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1275,14 +1275,13 @@ static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli, uint8_t *rdata = NULL; uint8_t *rdata_copy; uint32_t rdata_len = 0; - uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : RPC_MAX_PDU_FRAG_LEN; uint32 current_rbuf_offset = 0; prs_struct current_pdu; -#ifdef DEVELOPER - /* Ensure we're not sending too much. */ - SMB_ASSERT(data_len <= max_data); -#endif + if (data_len > cli->max_xmit_frag) { + /* Ensure we're not sending too much. */ + return NT_STATUS_INVALID_PARAMETER; + } /* Set up the current pdu parse struct. */ prs_init_empty(¤t_pdu, prs_get_mem_context(rbuf), UNMARSHALL); @@ -1291,9 +1290,7 @@ static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli, ret = cli_api_pipe(talloc_tos(), cli, (uint8_t *)prs_data_p(data), prs_offset(data), - cli->max_recv_frag - ? cli->max_recv_frag : RPC_MAX_PDU_FRAG_LEN, - &rdata, &rdata_len); + cli->max_recv_frag, &rdata, &rdata_len); if (!NT_STATUS_IS_OK(ret)) { DEBUG(5, ("cli_api_pipe failed: %s\n", nt_errstr(ret))); return ret; -- cgit