From d280d9f945be2d658694c6d4503822e99dc953b5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 6 Sep 2011 14:01:43 +0200 Subject: s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_sesssetup.c metze --- source3/smbd/smb2_sesssetup.c | 35 +++++++++-------------------------- 1 file changed, 9 insertions(+), 26 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 30e65c2137..e535f17e49 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -50,8 +50,6 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req) uint8_t *outhdr; DATA_BLOB outbody; DATA_BLOB outdyn; - size_t expected_body_size = 0x19; - size_t body_size; uint64_t in_session_id; uint8_t in_security_mode; uint16_t in_security_offset; @@ -63,23 +61,17 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req) DATA_BLOB out_security_buffer; NTSTATUS status; - inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base; - - if (smb2req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) { - return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER); + status = smbd_smb2_request_verify_sizes(smb2req, 0x19); + if (!NT_STATUS_IS_OK(status)) { + return smbd_smb2_request_error(smb2req, status); } - + inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base; inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base; - body_size = SVAL(inbody, 0x00); - if (body_size != expected_body_size) { - return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER); - } - in_security_offset = SVAL(inbody, 0x0C); in_security_length = SVAL(inbody, 0x0E); - if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) { + if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) { return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER); } @@ -789,21 +781,12 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req, NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req) { - const uint8_t *inbody; - int i = req->current_idx; + NTSTATUS status; DATA_BLOB outbody; - size_t expected_body_size = 0x04; - size_t body_size; - if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) { - return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); - } - - inbody = (const uint8_t *)req->in.vector[i+1].iov_base; - - body_size = SVAL(inbody, 0x00); - if (body_size != expected_body_size) { - return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER); + status = smbd_smb2_request_verify_sizes(req, 0x04); + if (!NT_STATUS_IS_OK(status)) { + return smbd_smb2_request_error(req, status); } /* -- cgit