mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r11724: - move checks packet size and protocol version,
before we create the request structure
- move code into one function
metze
(This used to be commit 96345b1c46
)
This commit is contained in:
parent
36639831c0
commit
7dd6e5fe92
@ -204,6 +204,8 @@ struct data_blob_list_item {
|
||||
/* 64 bit time (100 nanosec) 1601 - cifs6.txt, section 3.5, page 30, 4 byte aligned */
|
||||
typedef uint64_t NTTIME;
|
||||
|
||||
#define SMB_MAGIC 0x424D53FF /* 0xFF 'S' 'M' 'B' */
|
||||
|
||||
/* the basic packet size, assuming no words or bytes. Does not include the NBT header */
|
||||
#define MIN_SMB_SIZE 35
|
||||
|
||||
|
@ -62,8 +62,7 @@ BOOL req_send_oplock_break(struct smbsrv_tcon *tcon, uint16_t fnum, uint8_t leve
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
static void construct_reply(struct smbsrv_request *req);
|
||||
static void switch_message(int type, struct smbsrv_request *req);
|
||||
|
||||
/****************************************************************************
|
||||
receive a SMB request header from the wire, forming a request_context
|
||||
@ -73,11 +72,39 @@ static NTSTATUS receive_smb_request(void *private, DATA_BLOB blob)
|
||||
{
|
||||
struct smbsrv_connection *smb_conn = talloc_get_type(private, struct smbsrv_connection);
|
||||
struct smbsrv_request *req;
|
||||
uint8_t command;
|
||||
|
||||
/* see if its a special NBT packet */
|
||||
if (CVAL(blob.data, 0) != 0) {
|
||||
req = init_smb_request(smb_conn);
|
||||
NT_STATUS_HAVE_NO_MEMORY(req);
|
||||
|
||||
ZERO_STRUCT(req->in);
|
||||
|
||||
req->in.buffer = talloc_steal(req, blob.data);
|
||||
req->in.size = blob.length;
|
||||
req->request_time = timeval_current();
|
||||
|
||||
reply_special(req);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
if ((NBT_HDR_SIZE + MIN_SMB_SIZE) > blob.length) {
|
||||
DEBUG(2,("Invalid SMB packet: length %d\n", blob.length));
|
||||
smbsrv_terminate_connection(smb_conn, "Invalid SMB packet");
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/* Make sure this is an SMB packet */
|
||||
if (IVAL(blob.data, NBT_HDR_SIZE) != SMB_MAGIC) {
|
||||
DEBUG(2,("Non-SMB packet of length %d. Terminating connection\n",
|
||||
blob.length));
|
||||
smbsrv_terminate_connection(smb_conn, "Non-SMB packet");
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
req = init_smb_request(smb_conn);
|
||||
if (req == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
NT_STATUS_HAVE_NO_MEMORY(req);
|
||||
|
||||
req->in.buffer = talloc_steal(req, blob.data);
|
||||
req->in.size = blob.length;
|
||||
@ -105,8 +132,29 @@ static NTSTATUS receive_smb_request(void *private, DATA_BLOB blob)
|
||||
}
|
||||
}
|
||||
|
||||
construct_reply(req);
|
||||
if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
|
||||
DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
|
||||
smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
|
||||
DEBUG(2,("Invalid SMB buffer length count %d\n", req->in.data_size));
|
||||
smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
req->flags = CVAL(req->in.hdr, HDR_FLG);
|
||||
req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
|
||||
req->smbpid = SVAL(req->in.hdr, HDR_PID);
|
||||
|
||||
if (!req_signing_check_incoming(req)) {
|
||||
req_reply_error(req, NT_STATUS_ACCESS_DENIED);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
command = CVAL(req->in.hdr, HDR_COM);
|
||||
switch_message(command, req);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -514,53 +562,6 @@ static void switch_message(int type, struct smbsrv_request *req)
|
||||
smb_messages[type].fn(req);
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
Construct a reply to the incoming packet.
|
||||
****************************************************************************/
|
||||
static void construct_reply(struct smbsrv_request *req)
|
||||
{
|
||||
uint8_t type = CVAL(req->in.hdr,HDR_COM);
|
||||
|
||||
/* see if its a special NBT packet */
|
||||
if (CVAL(req->in.buffer,0) != 0) {
|
||||
reply_special(req);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Make sure this is an SMB packet */
|
||||
if (memcmp(req->in.hdr,"\377SMB",4) != 0) {
|
||||
DEBUG(2,("Non-SMB packet of length %d. Terminating connection\n",
|
||||
req->in.size));
|
||||
smbsrv_terminate_connection(req->smb_conn, "Non-SMB packet");
|
||||
return;
|
||||
}
|
||||
|
||||
if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
|
||||
DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
|
||||
smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
|
||||
return;
|
||||
}
|
||||
|
||||
if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
|
||||
DEBUG(2,("Invalid SMB buffer length count %d\n", req->in.data_size));
|
||||
smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
|
||||
return;
|
||||
}
|
||||
|
||||
req->flags = CVAL(req->in.hdr, HDR_FLG);
|
||||
req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
|
||||
req->smbpid = SVAL(req->in.hdr,HDR_PID);
|
||||
|
||||
if (!req_signing_check_incoming(req)) {
|
||||
req_reply_error(req, NT_STATUS_ACCESS_DENIED);
|
||||
return;
|
||||
}
|
||||
|
||||
switch_message(type, req);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
we call this when first first part of a possibly chained request has been completed
|
||||
and we need to call the 2nd part, if any
|
||||
|
Loading…
Reference in New Issue
Block a user