sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

For read&x replies, check the offset

Browse Source
This commit is contained in:
Volker Lendecke 2008-11-19 22:55:06 +01:00
parent 3c66ba0b3c
commit fd2bac9667
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
source3/libsmb/clireadwrite.c
View File

@ -109,6 +109,7 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
uint16_t *vwv;
uint16_t num_bytes;
uint8_t *bytes;
uint8_t *buf;
NTSTATUS status;
size_t size;
@ -136,6 +137,24 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
return NT_STATUS_UNEXPECTED_IO_ERROR;
}
/*
* bcc field must be valid for small reads, for large reads the 16-bit
* bcc field can't be correct.
*/
if ((size < 0xffff) && (size > num_bytes)) {
DEBUG(5, ("server announced more bytes than sent\n"));
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
buf = (uint8_t *)smb_base(cli_req->inbuf) + SVAL(vwv+6, 0);
if (trans_oob(smb_len(cli_req->inbuf), SVAL(vwv+6, 0), size)
|| (buf < bytes)) {
DEBUG(5, ("server returned invalid read&x data offset\n"));
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
*rcvbuf = (uint8_t *)(smb_base(cli_req->inbuf) + SVAL(vwv + 6, 0));
*received = size;
return NT_STATUS_OK;