From 2fe95f6a3020ed2d582f94ab7640e8ef640a1c36 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jan 2023 17:22:12 -0800 Subject: [PATCH] s3: smbd: Ensure check_fsp_ntquota_handle() doesn't send SMB1 error packets. check_fsp_ntquota_handle() is called from SMB2 codepaths as well as from SMB1. Even in the SMB1 cases the callers of check_fsp_ntquota_handle() handle sendng the error packet when check_fsp_ntquota_handle returns false so on a 'return false' we'd end up sending an error packet twice. The SMB2 callers of check_fsp_ntquota_handle() already check that fsp is valid, so there's no danger of us sending an SMB1 error packet over the SMB2 stream (so I'm not classing this as a bug to be back-ported). Fix check_fsp_ntquota_handle() by inlineing the check_fsp_open() functionality without the reply_nterror() calls. This will allow the next commit to move check_fsp_open() with the implicit reply_nterror() and also check_fsp() (which calls check_fsp_open()) into the SMB1 smb1_reply.c file as SMB1-only code. Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke --- source3/smbd/smb2_reply.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source3/smbd/smb2_reply.c b/source3/smbd/smb2_reply.c index 90aa92193b9..8b2eca20cb1 100644 --- a/source3/smbd/smb2_reply.c +++ b/source3/smbd/smb2_reply.c @@ -572,7 +572,11 @@ bool check_fsp(connection_struct *conn, struct smb_request *req, bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req, files_struct *fsp) { - if (!check_fsp_open(conn, req, fsp)) { + if ((fsp == NULL) || (conn == NULL)) { + return false; + } + + if ((conn != fsp->conn) || (req->vuid != fsp->vuid)) { return false; }