From 34a9892ec17a831bf785ee5c1dc4e0ab0edda0ce Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 25 Jun 2012 23:35:46 +0200
Subject: s3:smb2_server: make the logic in
 smbd_smb2_request_verify_creditcharge() simpler

We just need a max_charge variable to make the algorithm independent
of multi_credit support.

metze
---
 source3/smbd/smb2_server.c | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)

(limited to 'source3/smbd/smb2_server.c')

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index a6efdbe686..c9c6431b81 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1436,20 +1436,25 @@ NTSTATUS smbd_smb2_request_verify_creditcharge(struct smbd_smb2_request *req,
 						uint32_t data_length)
 {
 	uint16_t needed_charge;
-	uint16_t credit_charge;
+	uint16_t credit_charge = 1;
+	uint16_t max_charge = 1;
 	const uint8_t *inhdr;
 	int i = req->current_idx;
 
-	if (!req->sconn->smb2.supports_multicredit) {
-		if (data_length > 65536) {
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-		return NT_STATUS_OK;
-	}
-
 	inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
-	credit_charge = SVAL(inhdr, SMB2_HDR_CREDIT_CHARGE);
-	credit_charge = MAX(credit_charge, 1);
+
+	if (req->sconn->smb2.supports_multicredit) {
+		credit_charge = SVAL(inhdr, SMB2_HDR_CREDIT_CHARGE);
+		credit_charge = MAX(credit_charge, 1);
+
+		/*
+		 * TODO: should we limit this here
+		 * to a transport specific value?
+		 *
+		 * TODO: we need tests for this?
+		 */
+		max_charge = UINT16_MAX;
+	}
 
 	needed_charge = (data_length - 1)/ 65536 + 1;
 
@@ -1459,7 +1464,14 @@ NTSTATUS smbd_smb2_request_verify_creditcharge(struct smbd_smb2_request *req,
 
 	if (needed_charge > credit_charge) {
 		DEBUG(2, ("CreditCharge too low, given %d, needed %d\n",
-					credit_charge, needed_charge));
+			  credit_charge, needed_charge));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (credit_charge > max_charge) {
+		DEBUG(2, ("CreditCharge too high, given %d, "
+			  "needed %d, allowed %d\n",
+			  credit_charge, needed_charge, max_charge));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-- 
cgit