From e870cfec9f3512b0f1bd3110d7b975652525e28a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Feb 2008 10:12:33 +1100 Subject: Convert SMB and SMB2 code to use a common buffer handling structure This converts our SMB and SMB2 code to use a common structure "struct request_bufinfo" for information on the buffer bounds of a packet, alignment information and string handling. This allows us to use a common backend for SMB and SMB2 code, while still using all the same string and blob handling functions. Up to now we had been passing a NULL req handle into these common routines from the SMB2 side of the server, which meant that we failed any operation which did a bounds checked string extraction (such as a RenameInformation setinfo call, which is what Vista uses for renaming files) There is still some more work to be done on this - for example we can now remove many of the SMB2 specific buffer handling functions that we had, and use the SMB ones. (This used to be commit ca6d9be6cb6a403a81b18fa6e9a6a0518d7f0f68) --- source4/smb_server/smb/search.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/smb_server/smb/search.c') diff --git a/source4/smb_server/smb/search.c b/source4/smb_server/smb/search.c index ccf2ff7365..90b2331271 100644 --- a/source4/smb_server/smb/search.c +++ b/source4/smb_server/smb/search.c @@ -129,14 +129,14 @@ void smbsrv_reply_search(struct smbsrv_request *req) SMBSRV_TALLOC_IO_PTR(sf, union smb_search_first); p = req->in.data; - p += req_pull_ascii4(req, &sf->search_first.in.pattern, + p += req_pull_ascii4(&req->in.bufinfo, &sf->search_first.in.pattern, p, STR_TERMINATE); if (!sf->search_first.in.pattern) { smbsrv_send_error(req, NT_STATUS_OBJECT_NAME_NOT_FOUND); return; } - if (req_data_oob(req, p, 3)) { + if (req_data_oob(&req->in.bufinfo, p, 3)) { smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; } @@ -167,7 +167,7 @@ void smbsrv_reply_search(struct smbsrv_request *req) union smb_search_next *sn; if (resume_key_length != 21 || - req_data_oob(req, p, 21) || + req_data_oob(&req->in.bufinfo, p, 21) || level == RAW_SEARCH_FUNIQUE) { smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; @@ -242,13 +242,13 @@ void smbsrv_reply_fclose(struct smbsrv_request *req) SMBSRV_SETUP_NTVFS_REQUEST(reply_fclose_send, NTVFS_ASYNC_STATE_MAY_ASYNC); p = req->in.data; - p += req_pull_ascii4(req, &pattern, p, STR_TERMINATE); + p += req_pull_ascii4(&req->in.bufinfo, &pattern, p, STR_TERMINATE); if (pattern && *pattern) { smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; } - if (req_data_oob(req, p, 3)) { + if (req_data_oob(&req->in.bufinfo, p, 3)) { smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; } @@ -264,7 +264,7 @@ void smbsrv_reply_fclose(struct smbsrv_request *req) return; } - if (req_data_oob(req, p, 21)) { + if (req_data_oob(&req->in.bufinfo, p, 21)) { smbsrv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; } -- cgit