sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

smbd: Don't crash in cli_fsctl_send()

Browse Source 
If you run "allinfo" on a symlink with NT1, cli_readlink_send sends a
NULL "in" blob. Do the same as smb2cli_ioctl_send() does, just send
NULL/0 in that case and don't crash.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Volker Lendecke 2023-07-05 14:07:11 +02:00 committed by Stefan Metzmacher
parent f348b84fbc
commit 874c693b58
1 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
source3/libsmb/clifile.c
View File

@ -7243,6 +7243,8 @@ struct tevent_req *cli_fsctl_send(
struct tevent_req *req = NULL, *subreq = NULL;
struct cli_fsctl_state *state = NULL;
uint16_t *setup = NULL;
uint8_t *data = NULL;
uint32_t num_data = 0;
req = tevent_req_create(mem_ctx, &state, struct cli_fsctl_state);
if (req == NULL) {
@ -7268,17 +7270,29 @@ struct tevent_req *cli_fsctl_send(
SCVAL(setup, 6, 1); /* IsFcntl */
SCVAL(setup, 7, 0); /* IsFlags */
subreq = cli_trans_send(
state, ev, cli,
0, /* additional_flags2 */
SMBnttrans, /* cmd */
NULL, /* name */
-1, /* fid */
NT_TRANSACT_IOCTL, /* function */
0, /* flags */
setup, 4, 0, /* setup */
NULL, 0, 0, /* param */
in->data, in->length, max_out); /* data */
if (in) {
data = in->data;
num_data = in->length;
}
subreq = cli_trans_send(state,
ev,
cli,
0, /* additional_flags2 */
SMBnttrans, /* cmd */
NULL, /* name */
-1, /* fid */
NT_TRANSACT_IOCTL, /* function */
0, /* flags */
setup,
4,
0, /* setup */
NULL,
0,
0, /* param */
data,
num_data,
max_out); /* data */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);