sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
50,123 Commits 60 Branches 1,144 Tags 452 MiB
12f4d01f4a
Commit Graph

255 Commits

Author SHA1 Message Date
Volker Lendecke
2719216d60 Consolidate the buffer checks for the reply_trans style functions 
This is the one where I found the problem that led to 3.2.5. So if there is one
checkin in the last year that I would like others to review and *understand*,
it is this one :-)

Volker
 2008-11-28 09:22:34 +01:00
Volker Lendecke
9da3101e44 Remove the variable "size" from reply_trans 
This converts the range checks for the setup[] array to rely on req->wct being
set correctly in init_smb_request. As that already verifies the vwv array to be
in the range of the smb_request inbuf, we don't have to do overflow checks here
anymore.

Jeremy, please check thoroughly! :-)

Thanks,

Volker
 2008-11-28 08:23:46 +01:00
Volker Lendecke
114f519233 Fix the offset checks in the trans routines 
This fixes a potential crash bug, a client can make us read memory we
should not read. Luckily I got the disp checks right...

Volker
(cherry picked from commit 64a1d80851)
(cherry picked from commit f04c5650a3)
 2008-11-27 17:19:01 +01:00
Volker Lendecke
8315677ca3 Do not write into inbuf for the transs request 
Instead, fix up the outbuf in send_xx_reply. In those routines, we know
what we are returning.
 2008-11-08 10:42:29 +01:00
Volker Lendecke
7a35506bb8 Remove direct inbuf refs from send_trans_reply 2008-11-08 10:42:29 +01:00
Volker Lendecke
c2a280ac63 Pass smb_request to send_trans_reply to match with send_[nt]trans[2]_reply 2008-11-02 21:20:41 +01:00
Volker Lendecke
77f52d903f Use "vwv" in trans parsing 2008-11-02 17:46:08 +01:00
Volker Lendecke
2bab73a18d Remove a bunch of direct inbuf references by adding "vwv" to smb_request 2008-11-02 16:58:19 +01:00
Volker Lendecke
a31fab8156 Simplify params of srvstr_pull_buf_talloc() 
Now that "req" is available everywhere, use it. Rename srvstr_pull_buf_talloc()
to srvstr_pull_req()
 2008-11-02 09:22:40 +01:00
Volker Lendecke
7bdb571ec4 Remove a bunch of direct inbuf references by adding "buf" to smb_request 2008-11-01 19:41:08 +01:00
Volker Lendecke
ac126ea818 Use "struct files_struct" for pipes instead of smb_np_struct 2008-10-13 20:59:32 +02:00
Volker Lendecke
200b0deaef Fix some nonempty blank lines 2008-10-11 09:02:18 +02:00
Volker Lendecke
96a5d169dd Fix a typo 2008-10-09 12:06:38 +02:00
Volker Lendecke
cf9665016f Let send_trans_reply work on only the inbuf 
It does not really need the whole smb_request
(This used to be commit d3facf4cbd)
 2008-06-28 10:38:51 +02:00
Volker Lendecke
d62563342e Remove connection_struct->mem_ctx, connection_struct is its own parent 
(This used to be commit 559180f7d3)
 2008-05-05 11:23:13 +02:00
Jeremy Allison
86e59c50f1 Rewrite the wrap checks to deal with gcc 4.x optimisations. 
Karolin, please pull once Volker has reviewed. Thanks.
Jeremy.
(This used to be commit 09852899ca)
 2008-04-07 21:11:16 -07:00
Jeremy Allison
29562987c3 Now conn is part of smb_request, we don't need it as 
an extra parameter. This cleans up quite a few places
we were passing it around without needing it.
Jeremy.
(This used to be commit 8f36def18e)
 2008-01-04 15:37:24 -08:00
Jeremy Allison
9254bb4ef1 Refactor the crypto code after a very helpful conversation 
with Volker. Mostly making sure we have data on the incoming
packet type, not stored in the smb header.
Jeremy.
(This used to be commit c4e5a50504)
 2008-01-04 12:56:23 -08:00
Jeremy Allison
09fcb233a3 Don't need an fstring here, we can talloc. 
Jeremy.
(This used to be commit 3f6cc82637)
 2007-12-10 15:31:05 -08:00
Jeremy Allison
0e9a1c24a0 Fix crash bug with vl's new trans handling in old transs 
calls. Make this look like the (working) transs2 handling
(replace inbuf, not write to outbuf - outbuf isn't allocated
yet so you get a null deref).
Jeremy.
(This used to be commit f04e37a630)
 2007-12-04 12:53:21 -08:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting 
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
 2007-10-18 17:40:25 -07:00
Jeremy Allison
327ca9167e r25103: Ensure we don't return unwritten memory (valgrind caught). 
Jeremy.
(This used to be commit b3f0d39d11)
 2007-10-10 12:30:40 -05:00
Volker Lendecke
23998e1da8 r24320: Fix the wct checks in reply_trans2 and the reply_trans calls 
No idea what I've been smoking here.

Thanks to Stefan for closely looking
(This used to be commit 708f5af2e8)
 2007-10-10 12:29:28 -05:00
Volker Lendecke
b0ed26faf0 r24244: Complete the conversion of reply_trans[s] 
Remove reply_prep/post_legacy from send_trans_replies
(This used to be commit c08366f840)
 2007-10-10 12:29:20 -05:00
Volker Lendecke
d274724ebb r24243: Remove reply_prep_legacy from api_reply 
(This used to be commit b01664b43b)
 2007-10-10 12:29:20 -05:00
Volker Lendecke
43a77ab149 r24242: Remove reply_prep_legacy from api_rpc_trans_reply 
(This used to be commit 160f65946a)
 2007-10-10 12:29:20 -05:00
Volker Lendecke
40f6afcea2 r24241: Remove reply_prep_legacy from api_WNPHS and api_SNPHS 
(This used to be commit 8702450e91)
 2007-10-10 12:29:20 -05:00
Volker Lendecke
b8de67a2f2 r24240: Push down reply_prep_legacy one level inside api_fd_reply 
(This used to be commit 0bb95639d6)
 2007-10-10 12:29:20 -05:00
Volker Lendecke
fbe15d8db9 r24239: Push reply_prep_legacy into api_fd_reply 
(This used to be commit e2a9649792)
 2007-10-10 12:29:20 -05:00
Volker Lendecke
bcd0bf8e5e r24238: Push down reply_prep_legacy one level 
(This used to be commit a6a2d97fac)
 2007-10-10 12:29:19 -05:00
Volker Lendecke
d57a88a994 r24237: Add send_trans_reply_new 
(This used to be commit f0598b3ca0)
 2007-10-10 12:29:19 -05:00
Volker Lendecke
97a817dceb r24236: Push reply_prep_legacy() into named_pipe() 
(This used to be commit b38f9347e8)
 2007-10-10 12:29:19 -05:00
Volker Lendecke
3bb9f20bc3 r24235: Make handle_trans reply to errors itself 
(This used to be commit 06d0c74b74)
 2007-10-10 12:29:19 -05:00
Volker Lendecke
abc519ff43 r24234: Reformatting -- SCNR 
(This used to be commit 040d6d5db6)
 2007-10-10 12:29:19 -05:00
Volker Lendecke
e41528c3f4 r24233: Push reply_prep_legacy into handle_trans 
(This used to be commit dc27c3c668)
 2007-10-10 12:29:19 -05:00
Volker Lendecke
0cfea6de67 r24232: Push down reply_prep_legacy inside reply_transs 
(This used to be commit 511f8bc030)
 2007-10-10 12:29:18 -05:00
Volker Lendecke
1d3c1de502 r24231: Push allocating InBuffer/OutBuffer into reply_transs 
(This used to be commit 74ae19cca6)
 2007-10-10 12:29:18 -05:00
Volker Lendecke
f1822fe737 r24230: Push down reply_prep_legacy in reply_trans 
The last checkin was for reply_trans, not reply_transs
(This used to be commit 50a2bfd9e0)
 2007-10-10 12:29:18 -05:00
Volker Lendecke
133ef281c0 r24229: Push allocating InBuffer/OutBuffer into reply_transs 
(This used to be commit 39a7809aa4)
 2007-10-10 12:29:18 -05:00
Volker Lendecke
bf160bb621 r24224: Check wct in reply_trans 
(This used to be commit fc8759e63c)
 2007-10-10 12:29:18 -05:00
Volker Lendecke
0ff8556f8b r23823: Memory leak fix from Atsushi Nakabayashi <nakabayashi@miraclelinux.com> 
Thanks!

Volker
(This used to be commit 17b875ae5b)
 2007-10-10 12:28:30 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text 
(This used to be commit b0132e94fc)
 2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later. 
Jeremy.
(This used to be commit 407e6e695b)
 2007-10-10 12:28:20 -05:00
Volker Lendecke
fcda5b5896 r23726: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The next 
checkin will pull this up to srvstr_get_path. At that point we can get more
independent of the inbuf, the base_ptr in pull_string will only be used
to satisfy UCS2 alignment constraints.
(This used to be commit 836782b07b)
 2007-10-10 12:23:49 -05:00
Jeremy Allison
0829e1ad1c r22391: Looks bigger than it is. Make "inbuf" available 
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120)
 2007-10-10 12:19:30 -05:00
Volker Lendecke
2498a973ac r22059: Over-allocate and NULL out 100 bytes for lanman.c. 
Volker
(This used to be commit 0eea6b84ce)
 2007-10-10 12:19:06 -05:00
James Peach
5bb49b08f3 r20237: Replace exit_server with exit_server_cleanly where appropriate. All 
send_smb failures should be clean exits. All times when we exit as
a matter of policy should also be clean exits.
(This used to be commit d6382092e7)
 2007-10-10 12:16:34 -05:00
Jeremy Allison
d29722e378 r20178: Ensure we allocate the intermediate trans structs 
off conn->mem_ctx, not the null context so we can
safefy free everything on conn close. Should fix
possible memleak.
Jeremy.
(This used to be commit b33bde7b39)
 2007-10-10 12:16:29 -05:00
Volker Lendecke
e23781b3b3 r17316: More C++ warnings -- 456 left 
(This used to be commit 1e4ee728df)
 2007-10-10 11:38:25 -05:00
Jeremy Allison
9bcaf47c63 r16275: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned int 
in a format string.
Jeremy.
(This used to be commit 952547471f)
 2007-10-10 11:17:30 -05:00