mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pdu

One SMB2_TRANSFORM pdu wraps multiple SMB2 pdus.

We inject the SMB2_TRANSFORM header into each response that was wrapped
inside it. This allows the next layer to verify whether the SMB2 pdu was encrypted.

metze
Stefan Metzmacher 2012-08-14 09:33:01 +02:00
parent 84f6b0f962
commit 7a7e9b1c76


@ -2953,6 +2953,9 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
int num_iov = 0; int num_iov = 0;
size_t taken = 0; size_t taken = 0;
uint8_t *first_hdr = buf; uint8_t *first_hdr = buf;
size_t verified_buflen = 0;
uint8_t *tf = NULL;
size_t tf_len = 0;
iov = talloc_array(mem_ctx, struct iovec, num_iov); iov = talloc_array(mem_ctx, struct iovec, num_iov);
if (iov == NULL) { if (iov == NULL) {
@ -2960,8 +2963,6 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
} }
while (taken < buflen) { while (taken < buflen) {
uint8_t *tf = NULL;
size_t tf_len = 0;
size_t len = buflen - taken; size_t len = buflen - taken;
uint8_t *hdr = first_hdr + taken; uint8_t *hdr = first_hdr + taken;
struct iovec *cur; struct iovec *cur;
@ -2970,6 +2971,13 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
uint16_t body_size; uint16_t body_size;
struct iovec *iov_tmp; struct iovec *iov_tmp;
if (verified_buflen > taken) {
len = verified_buflen - taken;
} else {
tf = NULL;
tf_len = 0;
}
if (len < 4) { if (len < 4) {
DEBUG(10, ("%d bytes left, expected at least %d\n", DEBUG(10, ("%d bytes left, expected at least %d\n",
(int)len, 4)); (int)len, 4));
@ -3020,6 +3028,8 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
TALLOC_FREE(iov); TALLOC_FREE(iov);
return status; return status;
} }
verified_buflen = taken + len;
} }
/* /*
@ -3053,9 +3063,6 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
if (next_command_ofs > full_size) { if (next_command_ofs > full_size) {
goto inval; goto inval;
} }
if (tf && next_command_ofs < len) {
goto inval;
}
full_size = next_command_ofs; full_size = next_command_ofs;
} }
if (body_size < 2) { if (body_size < 2) {
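Review bot: The bound stored by `verified_buflen = taken + len;` in the decrypt branch is only as tight as `len` is at that point, and the lines that set `len` are outside the hunks shown. If `len` there is still the number of bytes remaining in the whole buffer rather than the message size announced by the transform header, `verified_buflen` would extend past the decrypted payload, and a PDU that follows the transform in the same buffer would keep `tf` set and be presented to the next layer as encrypted. It is worth confirming that `len` is limited to the transform's message size before this assignment, since the check `if (tf && next_command_ofs < len)` that used to reject trailing data is removed by this commit. The invariant also deserves a comment at the declaration, for example `/* end offset of the payload covered by the last verified SMB2_TRANSFORM header; tf and tf_len stay valid while taken is below it */`. The body of smb2cli_inbuf_parse_compound starts and ends outside the visible hunks.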