svn commit: samba r6137 - in trunk/source/smbd: .
jra at samba.org
jra at samba.org
Wed Mar 30 20:52:53 GMT 2005
Author: jra
Date: 2005-03-30 20:52:52 +0000 (Wed, 30 Mar 2005)
New Revision: 6137
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6137
Log:
Refactor length reading out of EA code so we can read length
external to buffer. Needed to add EA code to create calls.
Jeremy.
Modified:
trunk/source/smbd/trans2.c
Changeset:
Modified: trunk/source/smbd/trans2.c
===================================================================
--- trunk/source/smbd/trans2.c 2005-03-30 15:48:49 UTC (rev 6136)
+++ trunk/source/smbd/trans2.c 2005-03-30 20:52:52 UTC (rev 6137)
@@ -387,7 +387,7 @@
static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
{
struct ea_list *ea_list_head = NULL;
- size_t offset = 4;
+ size_t offset = 0;
while (offset + 2 < data_size) {
struct ea_list *tmp;
@@ -426,17 +426,12 @@
static struct ea_list *read_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
{
struct ea_list *ea_list_head = NULL;
- size_t offset = 4;
+ size_t offset = 0;
if (data_size < 10) {
return NULL;
}
- if (IVAL(pdata,0) > data_size) {
- DEBUG(10,("read_ea_list: bad total data size (%u) > %u\n", IVAL(pdata,0), (unsigned int)data_size));
- return NULL;
- }
-
/* Each entry must be at least 6 bytes in length. */
while (offset + 6 <= data_size) {
struct ea_list *tmp;
@@ -1589,11 +1584,11 @@
if (info_level == SMB_FIND_EA_LIST) {
uint32 ea_size;
-
+
if (total_data < 4) {
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
-
+
ea_size = IVAL(pdata,0);
if (ea_size != total_data) {
DEBUG(4,("call_trans2findfirst: Rejecting EA request with incorrect \
@@ -1610,7 +1605,7 @@
}
/* Pull out the list of names. */
- ea_list = read_ea_name_list(ea_ctx, pdata, ea_size);
+ ea_list = read_ea_name_list(ea_ctx, pdata + 4, ea_size - 4);
if (!ea_list) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
@@ -1863,9 +1858,9 @@
if ((ea_ctx = talloc_init("findnext_ea_list")) == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
+
/* Pull out the list of names. */
- ea_list = read_ea_name_list(ea_ctx, pdata, ea_size);
+ ea_list = read_ea_name_list(ea_ctx, pdata + 4, ea_size - 4);
if (!ea_list) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
@@ -2772,7 +2767,7 @@
}
/* Pull out the list of names. */
- ea_list = read_ea_name_list(ea_ctx, pdata, ea_size);
+ ea_list = read_ea_name_list(ea_ctx, pdata + 4, ea_size - 4);
if (!ea_list) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
@@ -3644,11 +3639,23 @@
case SMB_INFO_SET_EA:
{
struct ea_list *ea_list = NULL;
- TALLOC_CTX *ctx = talloc_init("SMB_INFO_SET_EA");
+ TALLOC_CTX *ctx = NULL;
+
+ if (total_data < 10) {
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ if (IVAL(pdata,0) > total_data) {
+ DEBUG(10,("call_trans2setfilepathinfo: bad total data size (%u) > %u\n",
+ IVAL(pdata,0), (unsigned int)total_data));
+ return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ ctx = talloc_init("SMB_INFO_SET_EA");
if (!ctx) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- ea_list = read_ea_list(ctx, pdata, total_data);
+ ea_list = read_ea_list(ctx, pdata + 4, total_data - 4);
if (!ea_list) {
talloc_destroy(ctx);
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
More information about the samba-cvs
mailing list