mirror of
https://github.com/samba-team/samba.git
synced 2025-07-30 19:42:05 +03:00
Remove pstrings. Ensure we validate offsets.
Jeremy.
(This used to be commit ff06cc34e6
)
This commit is contained in:
@ -1,18 +1,18 @@
|
||||
/*
|
||||
/*
|
||||
Unix SMB/CIFS implementation.
|
||||
client directory list routines
|
||||
Copyright (C) Andrew Tridgell 1994-1998
|
||||
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
@ -21,6 +21,22 @@
|
||||
|
||||
extern file_info def_finfo;
|
||||
|
||||
/****************************************************************************
|
||||
Calculate a safe next_entry_offset.
|
||||
****************************************************************************/
|
||||
|
||||
static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
|
||||
{
|
||||
size_t next_entry_offset = (size_t)IVAL(base,0);
|
||||
|
||||
if (next_entry_offset == 0 ||
|
||||
base + next_entry_offset < base ||
|
||||
base + next_entry_offset > pdata_end) {
|
||||
next_entry_offset = pdata_end - base;
|
||||
}
|
||||
return next_entry_offset;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Interpret a long filename structure - this is mostly guesses at the moment.
|
||||
The length of the structure is returned
|
||||
@ -28,12 +44,19 @@ extern file_info def_finfo;
|
||||
by NT and 2 is used by OS/2
|
||||
****************************************************************************/
|
||||
|
||||
static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,file_info *finfo,
|
||||
uint32 *p_resume_key, DATA_BLOB *p_last_name_raw, uint32 *p_last_name_raw_len)
|
||||
static size_t interpret_long_filename(struct cli_state *cli,
|
||||
int level,
|
||||
const char *p,
|
||||
const char *pdata_end,
|
||||
file_info *finfo,
|
||||
uint32 *p_resume_key,
|
||||
DATA_BLOB *p_last_name_raw)
|
||||
{
|
||||
file_info finfo2;
|
||||
int len;
|
||||
char *base = p;
|
||||
const char *base = p;
|
||||
|
||||
data_blob_free(p_last_name_raw);
|
||||
|
||||
if (!finfo) {
|
||||
finfo = &finfo2;
|
||||
@ -49,6 +72,9 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
|
||||
case 1: /* OS/2 understands this */
|
||||
/* these dates are converted to GMT by
|
||||
make_unix_date */
|
||||
if (pdata_end - base < 27) {
|
||||
return pdata_end - base;
|
||||
}
|
||||
finfo->ctime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+4));
|
||||
finfo->atime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+8));
|
||||
finfo->mtime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+12));
|
||||
@ -57,19 +83,25 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
|
||||
len = CVAL(p, 26);
|
||||
p += 27;
|
||||
p += clistr_align_in(cli, p, 0);
|
||||
if (p + len + 2 > pdata_end) {
|
||||
return pdata_end - base;
|
||||
}
|
||||
/* the len+2 below looks strange but it is
|
||||
important to cope with the differences
|
||||
between win2000 and win9x for this call
|
||||
(tridge) */
|
||||
p += clistr_pull(cli, finfo->name, p,
|
||||
sizeof(finfo->name),
|
||||
len+2,
|
||||
len+2,
|
||||
STR_TERMINATE);
|
||||
return PTR_DIFF(p, base);
|
||||
|
||||
case 2: /* this is what OS/2 uses mostly */
|
||||
/* these dates are converted to GMT by
|
||||
make_unix_date */
|
||||
if (pdata_end - base < 31) {
|
||||
return pdata_end - base;
|
||||
}
|
||||
finfo->ctime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+4));
|
||||
finfo->atime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+8));
|
||||
finfo->mtime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+12));
|
||||
@ -78,22 +110,30 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
|
||||
len = CVAL(p, 30);
|
||||
p += 31;
|
||||
/* check for unisys! */
|
||||
if (p + len + 1 > pdata_end) {
|
||||
return pdata_end - base;
|
||||
}
|
||||
p += clistr_pull(cli, finfo->name, p,
|
||||
sizeof(finfo->name),
|
||||
len,
|
||||
len,
|
||||
STR_NOALIGN);
|
||||
return PTR_DIFF(p, base) + 1;
|
||||
|
||||
|
||||
case 260: /* NT uses this, but also accepts 2 */
|
||||
{
|
||||
size_t namelen, slen;
|
||||
|
||||
if (pdata_end - base < 94) {
|
||||
return pdata_end - base;
|
||||
}
|
||||
|
||||
p += 4; /* next entry offset */
|
||||
|
||||
if (p_resume_key) {
|
||||
*p_resume_key = IVAL(p,0);
|
||||
}
|
||||
p += 4; /* fileindex */
|
||||
|
||||
|
||||
/* Offset zero is "create time", not "change time". */
|
||||
p += 8;
|
||||
finfo->atime_ts = interpret_long_date(p);
|
||||
@ -111,7 +151,11 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
|
||||
p += 4;
|
||||
p += 4; /* EA size */
|
||||
slen = SVAL(p, 0);
|
||||
p += 2;
|
||||
if (slen > 24) {
|
||||
/* Bad short name length. */
|
||||
return pdata_end - base;
|
||||
}
|
||||
p += 2;
|
||||
{
|
||||
/* stupid NT bugs. grr */
|
||||
int flags = 0;
|
||||
@ -120,7 +164,10 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
|
||||
sizeof(finfo->short_name),
|
||||
slen, flags);
|
||||
}
|
||||
p += 24; /* short name? */
|
||||
p += 24; /* short name? */
|
||||
if (p + namelen < p || p + namelen > pdata_end) {
|
||||
return pdata_end - base;
|
||||
}
|
||||
clistr_pull(cli, finfo->name, p,
|
||||
sizeof(finfo->name),
|
||||
namelen, 0);
|
||||
@ -130,29 +177,24 @@ static size_t interpret_long_filename(struct cli_state *cli, int level,char *p,f
|
||||
Namelen doesn't include the terminating unicode null, so
|
||||
copy it here. */
|
||||
|
||||
if (p_last_name_raw && p_last_name_raw_len) {
|
||||
if (namelen + 2 > p_last_name_raw->length) {
|
||||
memset(p_last_name_raw->data, '\0', sizeof(p_last_name_raw->length));
|
||||
*p_last_name_raw_len = 0;
|
||||
} else {
|
||||
memcpy(p_last_name_raw->data, p, namelen);
|
||||
SSVAL(p_last_name_raw->data, namelen, 0);
|
||||
*p_last_name_raw_len = namelen + 2;
|
||||
}
|
||||
if (p_last_name_raw) {
|
||||
*p_last_name_raw = data_blob(NULL, namelen+2);
|
||||
memcpy(p_last_name_raw->data, p, namelen);
|
||||
SSVAL(p_last_name_raw->data, namelen, 0);
|
||||
}
|
||||
return (size_t)IVAL(base, 0);
|
||||
return calc_next_entry_offset(base, pdata_end);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
DEBUG(1,("Unknown long filename format %d\n",level));
|
||||
return (size_t)IVAL(base,0);
|
||||
return calc_next_entry_offset(base, pdata_end);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Do a directory listing, calling fn on each file found.
|
||||
****************************************************************************/
|
||||
|
||||
int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
void (*fn)(const char *, file_info *, const char *, void *), void *state)
|
||||
{
|
||||
#if 1
|
||||
@ -161,8 +203,8 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
int max_matches = 512;
|
||||
#endif
|
||||
int info_level;
|
||||
char *p, *p2;
|
||||
pstring mask;
|
||||
char *p, *p2, *rdata_end;
|
||||
char *mask = NULL;
|
||||
file_info finfo;
|
||||
int i;
|
||||
char *dirlist = NULL;
|
||||
@ -174,19 +216,21 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
int ff_dir_handle=0;
|
||||
int loop_count = 0;
|
||||
char *rparam=NULL, *rdata=NULL;
|
||||
unsigned int param_len, data_len;
|
||||
unsigned int param_len, data_len;
|
||||
uint16 setup;
|
||||
pstring param;
|
||||
char param[1024];
|
||||
const char *mnt;
|
||||
uint32 resume_key = 0;
|
||||
uint32 last_name_raw_len = 0;
|
||||
DATA_BLOB last_name_raw = data_blob(NULL, 2*sizeof(pstring));
|
||||
DATA_BLOB last_name_raw = data_blob(NULL, 0);
|
||||
|
||||
/* NT uses 260, OS/2 uses 2. Both accept 1. */
|
||||
info_level = (cli->capabilities&CAP_NT_SMBS)?260:1;
|
||||
|
||||
pstrcpy(mask,Mask);
|
||||
|
||||
|
||||
mask = SMB_STRDUP(Mask);
|
||||
if (!mask) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (ff_eos == 0) {
|
||||
loop_count++;
|
||||
if (loop_count > 200) {
|
||||
@ -199,16 +243,16 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
SSVAL(param,0,attribute); /* attribute */
|
||||
SSVAL(param,2,max_matches); /* max count */
|
||||
SSVAL(param,4,(FLAG_TRANS2_FIND_REQUIRE_RESUME|FLAG_TRANS2_FIND_CLOSE_IF_END)); /* resume required + close on end */
|
||||
SSVAL(param,6,info_level);
|
||||
SSVAL(param,6,info_level);
|
||||
SIVAL(param,8,0);
|
||||
p = param+12;
|
||||
p += clistr_push(cli, param+12, mask, sizeof(param)-12,
|
||||
p += clistr_push(cli, param+12, mask, sizeof(param)-12,
|
||||
STR_TERMINATE);
|
||||
} else {
|
||||
setup = TRANSACT2_FINDNEXT;
|
||||
SSVAL(param,0,ff_dir_handle);
|
||||
SSVAL(param,2,max_matches); /* max count */
|
||||
SSVAL(param,4,info_level);
|
||||
SSVAL(param,4,info_level);
|
||||
/* For W2K servers serving out FAT filesystems we *must* set the
|
||||
resume key. If it's not FAT then it's returned as zero. */
|
||||
SIVAL(param,6,resume_key); /* ff_resume_key */
|
||||
@ -216,9 +260,9 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
can miss filenames. Use last filename continue instead. JRA */
|
||||
SSVAL(param,10,(FLAG_TRANS2_FIND_REQUIRE_RESUME|FLAG_TRANS2_FIND_CLOSE_IF_END)); /* resume required + close on end */
|
||||
p = param+12;
|
||||
if (last_name_raw_len && (last_name_raw_len < (sizeof(param)-12))) {
|
||||
memcpy(p, last_name_raw.data, last_name_raw_len);
|
||||
p += last_name_raw_len;
|
||||
if (last_name_raw.length && (last_name_raw.length < (sizeof(param)-12))) {
|
||||
memcpy(p, last_name_raw.data, last_name_raw.length);
|
||||
p += last_name_raw.length;
|
||||
} else {
|
||||
p += clistr_push(cli, param+12, mask, sizeof(param)-12, STR_TERMINATE);
|
||||
}
|
||||
@ -226,12 +270,12 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
|
||||
param_len = PTR_DIFF(p, param);
|
||||
|
||||
if (!cli_send_trans(cli, SMBtrans2,
|
||||
if (!cli_send_trans(cli, SMBtrans2,
|
||||
NULL, /* Name */
|
||||
-1, 0, /* fid, flags */
|
||||
&setup, 1, 0, /* setup, length, max */
|
||||
param, param_len, 10, /* param, length, max */
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
#if 0
|
||||
/* w2k value. */
|
||||
MIN(16384,cli->max_xmit) /* data, length, max. */
|
||||
@ -242,7 +286,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
break;
|
||||
}
|
||||
|
||||
if (!cli_receive_trans(cli, SMBtrans2,
|
||||
if (!cli_receive_trans(cli, SMBtrans2,
|
||||
&rparam, ¶m_len,
|
||||
&rdata, &data_len) &&
|
||||
cli_is_dos_error(cli)) {
|
||||
@ -289,15 +333,21 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
|
||||
/* point to the data bytes */
|
||||
p = rdata;
|
||||
rdata_end = rdata + data_len;
|
||||
|
||||
/* we might need the lastname for continuations */
|
||||
for (p2=p,i=0;i<ff_searchcount;i++) {
|
||||
for (p2=p,i=0;i<ff_searchcount && p2 < rdata_end;i++) {
|
||||
if ((info_level == 260) && (i == ff_searchcount-1)) {
|
||||
/* Last entry - fixup the last offset length. */
|
||||
SIVAL(p2,0,PTR_DIFF((rdata + data_len),p2));
|
||||
}
|
||||
p2 += interpret_long_filename(cli,info_level,p2,&finfo,
|
||||
&resume_key,&last_name_raw,&last_name_raw_len);
|
||||
p2 += interpret_long_filename(cli,
|
||||
info_level,
|
||||
p2,
|
||||
rdata_end,
|
||||
&finfo,
|
||||
&resume_key,
|
||||
&last_name_raw);
|
||||
|
||||
if (!First && *mask && strcsequal(finfo.name, mask)) {
|
||||
DEBUG(0,("Error: Looping in FIND_NEXT as name %s has already been seen?\n",
|
||||
@ -307,10 +357,16 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
}
|
||||
}
|
||||
|
||||
SAFE_FREE(mask);
|
||||
if (ff_searchcount > 0) {
|
||||
pstrcpy(mask, finfo.name);
|
||||
mask = SMB_STRDUP(finfo.name);
|
||||
} else {
|
||||
pstrcpy(mask,"");
|
||||
mask = SMB_STRDUP("");
|
||||
}
|
||||
if (!mask) {
|
||||
SAFE_FREE(rdata);
|
||||
SAFE_FREE(rparam);
|
||||
break;
|
||||
}
|
||||
|
||||
/* grab the data for later use */
|
||||
@ -348,9 +404,15 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
total_received = -1;
|
||||
} else {
|
||||
/* no connection problem. let user function add each entry */
|
||||
rdata_end = dirlist + dirlist_len;
|
||||
for (p=dirlist,i=0;i<total_received;i++) {
|
||||
p += interpret_long_filename(cli, info_level, p,
|
||||
&finfo,NULL,NULL,NULL);
|
||||
p += interpret_long_filename(cli,
|
||||
info_level,
|
||||
p,
|
||||
rdata_end,
|
||||
&finfo,
|
||||
NULL,
|
||||
NULL);
|
||||
fn( mnt,&finfo, Mask, state );
|
||||
}
|
||||
}
|
||||
@ -358,6 +420,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
/* free up the dirlist buffer and last name raw blob */
|
||||
SAFE_FREE(dirlist);
|
||||
data_blob_free(&last_name_raw);
|
||||
SAFE_FREE(mask);
|
||||
return(total_received);
|
||||
}
|
||||
|
||||
@ -373,7 +436,7 @@ static int interpret_short_filename(struct cli_state *cli, char *p,file_info *fi
|
||||
|
||||
finfo->cli = cli;
|
||||
finfo->mode = CVAL(p,21);
|
||||
|
||||
|
||||
/* this date is converted to GMT by make_unix_date */
|
||||
finfo->ctime_ts.tv_sec = cli_make_unix_date(cli, p+22);
|
||||
finfo->ctime_ts.tv_nsec = 0;
|
||||
@ -396,7 +459,7 @@ static int interpret_short_filename(struct cli_state *cli, char *p,file_info *fi
|
||||
but should otherwise not be used.
|
||||
****************************************************************************/
|
||||
|
||||
int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
void (*fn)(const char *, file_info *, const char *, void *), void *state)
|
||||
{
|
||||
char *p;
|
||||
@ -407,12 +470,15 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
int num_received = 0;
|
||||
int i;
|
||||
char *dirlist = NULL;
|
||||
pstring mask;
|
||||
|
||||
char *mask = NULL;
|
||||
|
||||
ZERO_ARRAY(status);
|
||||
|
||||
pstrcpy(mask,Mask);
|
||||
|
||||
mask = SMB_STRDUP(Mask);
|
||||
if (!mask) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (1) {
|
||||
memset(cli->outbuf,'\0',smb_size);
|
||||
memset(cli->inbuf,'\0',smb_size);
|
||||
@ -426,10 +492,10 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
|
||||
SSVAL(cli->outbuf,smb_vwv0,num_asked);
|
||||
SSVAL(cli->outbuf,smb_vwv1,attribute);
|
||||
|
||||
|
||||
p = smb_buf(cli->outbuf);
|
||||
*p++ = 4;
|
||||
|
||||
|
||||
p += clistr_push(cli, p, first?mask:"", -1, STR_TERMINATE);
|
||||
*p++ = 5;
|
||||
if (first) {
|
||||
@ -455,6 +521,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
dirlist,(num_received + received)*DIR_STRUCT_SIZE);
|
||||
if (!dirlist) {
|
||||
DEBUG(0,("cli_list_old: failed to expand dirlist"));
|
||||
SAFE_FREE(mask);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -462,11 +529,11 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
|
||||
memcpy(dirlist+num_received*DIR_STRUCT_SIZE,
|
||||
p,received*DIR_STRUCT_SIZE);
|
||||
|
||||
|
||||
memcpy(status,p + ((received-1)*DIR_STRUCT_SIZE),21);
|
||||
|
||||
|
||||
num_received += received;
|
||||
|
||||
|
||||
if (cli_is_error(cli)) break;
|
||||
}
|
||||
|
||||
@ -491,7 +558,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
p += 2;
|
||||
memcpy(p,status,21);
|
||||
p += 21;
|
||||
|
||||
|
||||
cli_setup_bcc(cli, p);
|
||||
cli_send_smb(cli);
|
||||
if (!cli_receive_smb(cli)) {
|
||||
@ -505,6 +572,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
fn("\\", &finfo, Mask, state);
|
||||
}
|
||||
|
||||
SAFE_FREE(mask);
|
||||
SAFE_FREE(dirlist);
|
||||
return(num_received);
|
||||
}
|
||||
@ -514,7 +582,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
This auto-switches between old and new style.
|
||||
****************************************************************************/
|
||||
|
||||
int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
|
||||
void (*fn)(const char *, file_info *, const char *, void *), void *state)
|
||||
{
|
||||
if (cli->protocol <= PROTOCOL_LANMAN1)
|
||||
|
Reference in New Issue
Block a user