sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s3:smbd: fix parsing of invalid SMB2 requests.

Browse Source 
Because of 0 - 2 => 0xFFFFFFFE, we got EMSGSIZE
from the tstream layer. And terminate the transport
connection. Instead we should let the caller deal with
the invalid parameter, when checking the body size.
So the caller always gets at least a 2 byte body.

metze
This commit is contained in:
Stefan Metzmacher 2009-07-08 17:02:00 +02:00
parent db1e582568
commit 12ed9ca36a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source3/smbd/smb2_server.c
View File

@ -1339,7 +1339,7 @@ static int smbd_smb2_request_next_vector(struct tstream_context *stream,
if (invalid) {
/* the caller should check this */
body_size = 0;
body_size = 2;
}
if ((body_size % 2) != 0) {
@ -1376,7 +1376,7 @@ static int smbd_smb2_request_next_vector(struct tstream_context *stream,
*/
memcpy(body, hdr + SMB2_HDR_BODY, 2);
vector[0].iov_base = body + 2;
vector[0].iov_len = req->in.vector[idx].iov_len - 2;
vector[0].iov_len = body_size - 2;
vector[1] = req->in.vector[idx+1];