From 0be9746e1fc47aff93c1d77d256f4fb7942529d6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 28 May 2008 16:58:34 +1000 Subject: ensure we don't change the incoming blobs in a SMB2 create (This used to be commit a6cc89fffe8c149b540f2125cea57f31331d5460) --- source4/libcli/smb2/create.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source4/libcli') diff --git a/source4/libcli/smb2/create.c b/source4/libcli/smb2/create.c index b976b528f1..bff0a1587d 100644 --- a/source4/libcli/smb2/create.c +++ b/source4/libcli/smb2/create.c @@ -59,6 +59,7 @@ NTSTATUS smb2_create_blob_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer, next > remaining || name_offset < 16 || name_offset > remaining || + name_length != 4 || /* windows enforces this */ name_offset + name_length > remaining || data_offset < name_offset + name_length || data_offset > remaining || @@ -190,7 +191,10 @@ struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create struct smb2_request *req; NTSTATUS status; DATA_BLOB blob; - struct smb2_create_blobs blobs = io->in.blobs; + struct smb2_create_blobs blobs; + int i; + + ZERO_STRUCT(blobs); req = smb2_request_init_tree(tree, SMB2_OP_CREATE, 0x38, true, 0); if (req == NULL) return NULL; @@ -309,6 +313,17 @@ struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create } /* and any custom blobs */ + for (i=0;iin.blobs.num_blobs;i++) { + status = smb2_create_blob_add(req, &blobs, + io->in.blobs.blobs[i].tag, + io->in.blobs.blobs[i].data); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(req); + return NULL; + } + } + + status = smb2_create_blob_push(req, &blob, blobs); if (!NT_STATUS_IS_OK(status)) { talloc_free(req); -- cgit