sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

r23726: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The next

Browse Source 
checkin will pull this up to srvstr_get_path. At that point we can get more
independent of the inbuf, the base_ptr in pull_string will only be used
to satisfy UCS2 alignment constraints.
This commit is contained in:
Volker Lendecke 2007-07-05 16:33:37 +00:00 committed by Gerald (Jerry) Carter
parent a50555dda7
commit 836782b07b
13 changed files with 99 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source/include/safe_string.h
View File

@ -164,7 +164,7 @@ size_t __unsafe_string_function_usage_here_char__(void);
#define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define safe_strcpy(dest,src,maxlength) safe_strcpy_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength)
#define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength) #define safe_strcat(dest,src,maxlength) safe_strcat_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE,dest,src,maxlength)
#define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) #define push_string(base_ptr, dest, src, dest_len, flags) push_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags)
#define pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, src_len, flags) #define pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) pull_string_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags)
#define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags) #define clistr_push(cli, dest, src, dest_len, flags) clistr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, flags)
#define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags) #define clistr_pull(cli, dest, src, dest_len, src_len, flags) clistr_pull_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, cli, dest, src, dest_len, src_len, flags)
#define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags) #define srvstr_push(base_ptr, dest, src, dest_len, flags) srvstr_push_fn2(SAFE_STRING_FUNCTION_NAME, SAFE_STRING_LINE, base_ptr, dest, src, dest_len, flags)
@ -193,10 +193,10 @@ size_t __unsafe_string_function_usage_here_char__(void);
? __unsafe_string_function_usage_here_size_t__() \ ? __unsafe_string_function_usage_here_size_t__() \
: push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags)) : push_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, flags))
#define pull_string_fn2(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags) \ #define pull_string_fn2(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \
(CHECK_STRING_SIZE(dest, dest_len) \ (CHECK_STRING_SIZE(dest, dest_len) \
? __unsafe_string_function_usage_here_size_t__() \ ? __unsafe_string_function_usage_here_size_t__() \
: pull_string_fn(fn_name, fn_line, base_ptr, dest, src, dest_len, src_len, flags)) : pull_string_fn(fn_name, fn_line, base_ptr, smb_flags2, dest, src, dest_len, src_len, flags))
#define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \ #define clistr_push_fn2(fn_name, fn_line, cli, dest, src, dest_len, flags) \
(CHECK_STRING_SIZE(dest, dest_len) \ (CHECK_STRING_SIZE(dest, dest_len) \

8
source/include/srvstr.h
View File

@ -18,14 +18,14 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/ */
#define srvstr_pull(base_ptr, dest, src, dest_len, src_len, flags) \ #define srvstr_pull(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags) \
pull_string(base_ptr, dest, src, dest_len, src_len, flags) pull_string(base_ptr, smb_flags2, dest, src, dest_len, src_len, flags)
/* pull a string from the smb_buf part of a packet. In this case the /* pull a string from the smb_buf part of a packet. In this case the
string can either be null terminated or it can be terminated by the string can either be null terminated or it can be terminated by the
end of the smbbuf area end of the smbbuf area
*/ */
#define srvstr_pull_buf(inbuf, dest, src, dest_len, flags) \ #define srvstr_pull_buf(inbuf, smb_flags2, dest, src, dest_len, flags) \
pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags) pull_string(inbuf, smb_flags2, dest, src, dest_len, smb_bufrem(inbuf, src), flags)

12
source/lib/charcnv.c
View File

@ -1376,16 +1376,24 @@ size_t push_string_fn(const char *function, unsigned int line, const void *base_
The resulting string in "dest" is always null terminated. The resulting string in "dest" is always null terminated.
**/ **/
size_t pull_string_fn(const char *function, unsigned int line, const void *base_ptr, char *dest, const void *src, size_t dest_len, size_t src_len, int flags) size_t pull_string_fn(const char *function, unsigned int line,
const void *base_ptr, uint16 smb_flags2, char *dest,
const void *src, size_t dest_len, size_t src_len,
int flags)
{ {
#ifdef DEVELOPER #ifdef DEVELOPER
if (dest_len != (size_t)-1) if (dest_len != (size_t)-1)
clobber_region(function, line, dest, dest_len); clobber_region(function, line, dest, dest_len);
#endif #endif
if ((base_ptr == NULL) && ((flags & (STR_ASCII|STR_UNICODE)) == 0)) {
smb_panic("No base ptr to get flg2 and neither ASCII nor "
"UNICODE defined");
}
if (!(flags & STR_ASCII) && \ if (!(flags & STR_ASCII) && \
((flags & STR_UNICODE || \ ((flags & STR_UNICODE || \
(SVAL(base_ptr, smb_flg2) & FLAGS2_UNICODE_STRINGS)))) { (smb_flags2 & FLAGS2_UNICODE_STRINGS)))) {
return pull_ucs2(base_ptr, dest, src, dest_len, src_len, flags); return pull_ucs2(base_ptr, dest, src, dest_len, src_len, flags);
} }
return pull_ascii(dest, src, dest_len, src_len, flags); return pull_ascii(dest, src, dest_len, src_len, flags);

4
source/libsmb/clistr.c
View File

@ -43,7 +43,9 @@ size_t clistr_pull_fn(const char *function, unsigned int line,
int dest_len, int src_len, int dest_len, int src_len,
int flags) int flags)
{ {
return pull_string_fn(function, line, cli->inbuf, dest, src, dest_len, src_len, flags); return pull_string_fn(function, line, cli->inbuf,
SVAL(cli->inbuf, smb_flg2), dest, src, dest_len,
src_len, flags);
} }

17
source/libsmb/ntlmssp_parse.c
View File

@ -220,9 +220,10 @@ BOOL msrpc_parse(const DATA_BLOB *blob,
return False; return False;
if (0 < len1) { if (0 < len1) {
pull_string(NULL, p, blob->data + ptr, sizeof(p), pull_string(
len1, NULL, 0, p,
STR_UNICODE|STR_NOALIGN); blob->data + ptr, sizeof(p),
len1, STR_UNICODE|STR_NOALIGN);
(*ps) = smb_xstrdup(p); (*ps) = smb_xstrdup(p);
} else { } else {
(*ps) = smb_xstrdup(""); (*ps) = smb_xstrdup("");
@ -248,9 +249,10 @@ BOOL msrpc_parse(const DATA_BLOB *blob,
return False; return False;
if (0 < len1) { if (0 < len1) {
pull_string(NULL, p, blob->data + ptr, sizeof(p), pull_string(
len1, NULL, 0, p,
STR_ASCII|STR_NOALIGN); blob->data + ptr, sizeof(p),
len1, STR_ASCII|STR_NOALIGN);
(*ps) = smb_xstrdup(p); (*ps) = smb_xstrdup(p);
} else { } else {
(*ps) = smb_xstrdup(""); (*ps) = smb_xstrdup("");
@ -300,7 +302,8 @@ BOOL msrpc_parse(const DATA_BLOB *blob,
if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data)
return False; return False;
head_ofs += pull_string(NULL, p, blob->data+head_ofs, sizeof(p), head_ofs += pull_string(
NULL, 0, p, blob->data+head_ofs, sizeof(p),
blob->length - head_ofs, blob->length - head_ofs,
STR_ASCII|STR_TERMINATE); STR_ASCII|STR_TERMINATE);
if (strcmp(s, p) != 0) { if (strcmp(s, p) != 0) {

3
source/libsmb/smbencrypt.c
View File

@ -555,7 +555,8 @@ BOOL decode_pw_buffer(uint8 in_buffer[516], char *new_pwrd,
} }
/* decode into the return buffer. Buffer length supplied */ /* decode into the return buffer. Buffer length supplied */
*new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, *new_pw_len = pull_string(NULL, 0, new_pwrd,
&in_buffer[512 - byte_len], new_pwrd_size,
byte_len, string_flags); byte_len, string_flags);
#ifdef DEBUG_PASSWORD #ifdef DEBUG_PASSWORD

4
source/smbd/ipc.c
View File

@ -543,8 +543,8 @@ int reply_trans(connection_struct *conn,
state->one_way = BITSETW(inbuf+smb_vwv5,1); state->one_way = BITSETW(inbuf+smb_vwv5,1);
memset(state->name, '\0',sizeof(state->name)); memset(state->name, '\0',sizeof(state->name));
srvstr_pull_buf(inbuf, state->name, smb_buf(inbuf), srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), state->name,
sizeof(state->name), STR_TERMINATE); smb_buf(inbuf), sizeof(state->name), STR_TERMINATE);
if ((dscnt > state->total_data) || (pscnt > state->total_param)) if ((dscnt > state->total_data) || (pscnt > state->total_param))
goto bad_param; goto bad_param;

12
source/smbd/message.c
View File

@ -134,8 +134,10 @@ int reply_sends(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
outsize = set_message(inbuf,outbuf,0,0,True); outsize = set_message(inbuf,outbuf,0,0,True);
p = smb_buf(inbuf)+1; p = smb_buf(inbuf)+1;
p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p,
p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1;
p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p,
sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1;
msg = p; msg = p;
@ -176,8 +178,10 @@ int reply_sendstrt(connection_struct *conn, char *inbuf,char *outbuf, int dum_si
msgpos = 0; msgpos = 0;
p = smb_buf(inbuf)+1; p = smb_buf(inbuf)+1;
p += srvstr_pull_buf(inbuf, msgfrom, p, sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1; p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgfrom, p,
p += srvstr_pull_buf(inbuf, msgto, p, sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1; sizeof(msgfrom), STR_ASCII|STR_TERMINATE) + 1;
p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), msgto, p,
sizeof(msgto), STR_ASCII|STR_TERMINATE) + 1;
DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) ); DEBUG( 3, ( "SMBsendstrt (from %s to %s)\n", msgfrom, msgto ) );

3
source/smbd/nttrans.c
View File

@ -382,7 +382,8 @@ static int do_ntcreate_pipe_open(connection_struct *conn,
char *p = NULL; char *p = NULL;
uint32 flags = IVAL(inbuf,smb_ntcreate_Flags); uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
srvstr_pull_buf(inbuf, fname, smb_buf(inbuf), sizeof(fname), STR_TERMINATE); srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), fname, smb_buf(inbuf),
sizeof(fname), STR_TERMINATE);
if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) { if ((ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum)) != 0) {
return ret; return ret;

3
source/smbd/pipes.c
View File

@ -65,7 +65,8 @@ int reply_open_pipe_and_X(connection_struct *conn,
int i; int i;
/* XXXX we need to handle passed times, sattr and flags */ /* XXXX we need to handle passed times, sattr and flags */
srvstr_pull_buf(inbuf, pipe_name, smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE); srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), pipe_name,
smb_buf(inbuf), sizeof(pipe_name), STR_TERMINATE);
/* If the name doesn't start \PIPE\ then this is directed */ /* If the name doesn't start \PIPE\ then this is directed */
/* at a mailslot or something we really, really don't understand, */ /* at a mailslot or something we really, really don't understand, */

27
source/smbd/reply.c
View File

@ -218,9 +218,11 @@ size_t srvstr_get_path_wcard(char *inbuf, char *dest, const char *src, size_t de
#endif #endif
if (src_len == 0) { if (src_len == 0) {
ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags); ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src,
dest_len, flags);
} else { } else {
ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags); ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src,
dest_len, src_len, flags);
} }
*contains_wcard = False; *contains_wcard = False;
@ -255,9 +257,11 @@ size_t srvstr_get_path(char *inbuf, char *dest, const char *src, size_t dest_len
#endif #endif
if (src_len == 0) { if (src_len == 0) {
ret = srvstr_pull_buf( inbuf, dest, src, dest_len, flags); ret = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dest, src,
dest_len, flags);
} else { } else {
ret = srvstr_pull( inbuf, dest, src, dest_len, src_len, flags); ret = srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), dest, src,
dest_len, src_len, flags);
} }
if (SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) { if (SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) {
@ -391,10 +395,13 @@ int reply_tcon(connection_struct *conn,
*service_buf = *password = *dev = 0; *service_buf = *password = *dev = 0;
p = smb_buf(inbuf)+1; p = smb_buf(inbuf)+1;
p += srvstr_pull_buf(inbuf, service_buf, p, sizeof(service_buf), STR_TERMINATE) + 1; p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), service_buf, p,
pwlen = srvstr_pull_buf(inbuf, password, p, sizeof(password), STR_TERMINATE) + 1; sizeof(service_buf), STR_TERMINATE) + 1;
pwlen = srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), password, p,
sizeof(password), STR_TERMINATE) + 1;
p += pwlen; p += pwlen;
p += srvstr_pull_buf(inbuf, dev, p, sizeof(dev), STR_TERMINATE) + 1; p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), dev, p, sizeof(dev),
STR_TERMINATE) + 1;
p = strrchr_m(service_buf,'\\'); p = strrchr_m(service_buf,'\\');
if (p) { if (p) {
@ -478,7 +485,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
p = smb_buf(inbuf) + passlen + 1; p = smb_buf(inbuf) + passlen + 1;
} }
p += srvstr_pull_buf(inbuf, path, p, sizeof(path), STR_TERMINATE); p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), path, p,
sizeof(path), STR_TERMINATE);
/* /*
* the service name can be either: \\server\share * the service name can be either: \\server\share
@ -495,7 +503,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
else else
fstrcpy(service,path); fstrcpy(service,path);
p += srvstr_pull(inbuf, client_devicetype, p, sizeof(client_devicetype), 6, STR_ASCII); p += srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), client_devicetype, p,
sizeof(client_devicetype), 6, STR_ASCII);
DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service)); DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service));

39
source/smbd/sesssetup.c
View File

@ -1057,9 +1057,12 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
#endif #endif
p2 = inbuf + smb_vwv13 + data_blob_len; p2 = inbuf + smb_vwv13 + data_blob_len;
p2 += srvstr_pull_buf(inbuf, native_os, p2, sizeof(native_os), STR_TERMINATE); p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os, p2,
p2 += srvstr_pull_buf(inbuf, native_lanman, p2, sizeof(native_lanman), STR_TERMINATE); sizeof(native_os), STR_TERMINATE);
p2 += srvstr_pull_buf(inbuf, primary_domain, p2, sizeof(primary_domain), STR_TERMINATE); p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_lanman, p2,
sizeof(native_lanman), STR_TERMINATE);
p2 += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), primary_domain, p2,
sizeof(primary_domain), STR_TERMINATE);
DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n", DEBUG(3,("NativeOS=[%s] NativeLanMan=[%s] PrimaryDomain=[%s]\n",
native_os, native_lanman, primary_domain)); native_os, native_lanman, primary_domain));
@ -1283,7 +1286,9 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
plaintext_password.data[passlen1] = 0; plaintext_password.data[passlen1] = 0;
} }
srvstr_pull_buf(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), STR_TERMINATE); srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user,
smb_buf(inbuf)+passlen1, sizeof(user),
STR_TERMINATE);
*domain = 0; *domain = 0;
} else { } else {
@ -1363,21 +1368,28 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
if (unic && (passlen2 == 0) && passlen1) { if (unic && (passlen2 == 0) && passlen1) {
/* Only a ascii plaintext password was sent. */ /* Only a ascii plaintext password was sent. */
srvstr_pull(inbuf, pass, smb_buf(inbuf), sizeof(pass), srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass,
smb_buf(inbuf), sizeof(pass),
passlen1, STR_TERMINATE|STR_ASCII); passlen1, STR_TERMINATE|STR_ASCII);
} else { } else {
srvstr_pull(inbuf, pass, smb_buf(inbuf), srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pass,
sizeof(pass), unic ? passlen2 : passlen1, smb_buf(inbuf), sizeof(pass),
unic ? passlen2 : passlen1,
STR_TERMINATE); STR_TERMINATE);
} }
plaintext_password = data_blob(pass, strlen(pass)+1); plaintext_password = data_blob(pass, strlen(pass)+1);
} }
p += passlen1 + passlen2; p += passlen1 + passlen2;
p += srvstr_pull_buf(inbuf, user, p, sizeof(user), STR_TERMINATE); p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), user, p,
p += srvstr_pull_buf(inbuf, domain, p, sizeof(domain), STR_TERMINATE); sizeof(user), STR_TERMINATE);
p += srvstr_pull_buf(inbuf, native_os, p, sizeof(native_os), STR_TERMINATE); p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), domain, p,
p += srvstr_pull_buf(inbuf, native_lanman, p, sizeof(native_lanman), STR_TERMINATE); sizeof(domain), STR_TERMINATE);
p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2), native_os,
p, sizeof(native_os), STR_TERMINATE);
p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2),
native_lanman, p, sizeof(native_lanman),
STR_TERMINATE);
/* not documented or decoded by Ethereal but there is one more string /* not documented or decoded by Ethereal but there is one more string
in the extra bytes which is the same as the PrimaryDomain when using in the extra bytes which is the same as the PrimaryDomain when using
@ -1387,7 +1399,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
byte_count = SVAL(inbuf, smb_vwv13); byte_count = SVAL(inbuf, smb_vwv13);
if ( PTR_DIFF(p, save_p) < byte_count) if ( PTR_DIFF(p, save_p) < byte_count)
p += srvstr_pull_buf(inbuf, primary_domain, p, sizeof(primary_domain), STR_TERMINATE); p += srvstr_pull_buf(inbuf, SVAL(inbuf, smb_flg2),
primary_domain, p,
sizeof(primary_domain),
STR_TERMINATE);
else else
fstrcpy( primary_domain, "null" ); fstrcpy( primary_domain, "null" );

6
source/smbd/trans2.c
View File

@ -4530,7 +4530,8 @@ static NTSTATUS smb_set_file_unix_link(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
srvstr_pull(inbuf, link_target, pdata, sizeof(link_target), total_data, STR_TERMINATE); srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), link_target, pdata,
sizeof(link_target), total_data, STR_TERMINATE);
/* !widelinks forces the target path to be within the share. */ /* !widelinks forces the target path to be within the share. */
/* This means we can interpret the target as a pathname. */ /* This means we can interpret the target as a pathname. */
@ -6366,7 +6367,8 @@ static int call_trans2getdfsreferral(connection_struct *conn, char* inbuf, char*
if(!lp_host_msdfs()) if(!lp_host_msdfs())
return ERROR_DOS(ERRDOS,ERRbadfunc); return ERROR_DOS(ERRDOS,ERRbadfunc);
srvstr_pull(inbuf, pathname, &params[2], sizeof(pathname), total_params - 2, STR_TERMINATE); srvstr_pull(inbuf, SVAL(inbuf, smb_flg2), pathname, &params[2],
sizeof(pathname), total_params - 2, STR_TERMINATE);
if((reply_size = setup_dfs_referral(conn, pathname,max_referral_level,ppdata,&status)) < 0) if((reply_size = setup_dfs_referral(conn, pathname,max_referral_level,ppdata,&status)) < 0)
return ERROR_NT(status); return ERROR_NT(status);