svn commit: samba r11724 - in branches/SAMBA_4_0/source: include smb_server

metze at samba.org metze at samba.org
Mon Nov 14 13:50:57 GMT 2005


Author: metze
Date: 2005-11-14 13:50:56 +0000 (Mon, 14 Nov 2005)
New Revision: 11724

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11724

Log:
- move the packet size and protocol version checks
  before we create the request structure
- move code into one function

metze
Modified:
   branches/SAMBA_4_0/source/include/smb.h
   branches/SAMBA_4_0/source/smb_server/smb_server.c


Changeset:
Modified: branches/SAMBA_4_0/source/include/smb.h
===================================================================
--- branches/SAMBA_4_0/source/include/smb.h	2005-11-14 13:31:47 UTC (rev 11723)
+++ branches/SAMBA_4_0/source/include/smb.h	2005-11-14 13:50:56 UTC (rev 11724)
@@ -204,6 +204,8 @@
 /* 64 bit time (100 nanosec) 1601 - cifs6.txt, section 3.5, page 30, 4 byte aligned */
 typedef uint64_t NTTIME;
 
+#define SMB_MAGIC 0x424D53FF /* 0xFF 'S' 'M' 'B' */
+
 /* the basic packet size, assuming no words or bytes. Does not include the NBT header */
 #define MIN_SMB_SIZE 35
 

Modified: branches/SAMBA_4_0/source/smb_server/smb_server.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/smb_server.c	2005-11-14 13:31:47 UTC (rev 11723)
+++ branches/SAMBA_4_0/source/smb_server/smb_server.c	2005-11-14 13:50:56 UTC (rev 11724)
@@ -62,9 +62,8 @@
 	return True;
 }
 
+static void switch_message(int type, struct smbsrv_request *req);
 
-static void construct_reply(struct smbsrv_request *req);
-
 /****************************************************************************
 receive a SMB request header from the wire, forming a request_context
 from the result
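Review bot: The header comment visible at the end of this hunk still says the function only receives an SMB request header and forms a request context, but with `construct_reply` folded in it now also validates the packet, checks signing and dispatches through `switch_message`. I would reword it to something like `receive a SMB request from the wire, validate it and dispatch it to the command handler`. The comment block and the function it documents continue outside this hunk.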
@@ -73,12 +72,40 @@
 {
 	struct smbsrv_connection *smb_conn = talloc_get_type(private, struct smbsrv_connection);
 	struct smbsrv_request *req;
+	uint8_t command;
 
-	req = init_smb_request(smb_conn);
-	if (req == NULL) {
-		return NT_STATUS_NO_MEMORY;
+	/* see if its a special NBT packet */
+	if (CVAL(blob.data, 0) != 0) {
+		req = init_smb_request(smb_conn);
+		NT_STATUS_HAVE_NO_MEMORY(req);
+
+		ZERO_STRUCT(req->in);
+
+		req->in.buffer = talloc_steal(req, blob.data);
+		req->in.size = blob.length;
+		req->request_time = timeval_current();
+
+		reply_special(req);
+		return NT_STATUS_OK;
 	}
 
+	if ((NBT_HDR_SIZE + MIN_SMB_SIZE) > blob.length) {
+		DEBUG(2,("Invalid SMB packet: length %d\n", blob.length));
+		smbsrv_terminate_connection(smb_conn, "Invalid SMB packet");
+		return NT_STATUS_OK;
+	}
+
+	/* Make sure this is an SMB packet */
+	if (IVAL(blob.data, NBT_HDR_SIZE) != SMB_MAGIC) {
+		DEBUG(2,("Non-SMB packet of length %d. Terminating connection\n",
+			 blob.length));
+		smbsrv_terminate_connection(smb_conn, "Non-SMB packet");
+		return NT_STATUS_OK;
+	}
+
+	req = init_smb_request(smb_conn);
+	NT_STATUS_HAVE_NO_MEMORY(req);
+
 	req->in.buffer = talloc_steal(req, blob.data);
 	req->in.size = blob.length;
 	req->request_time = timeval_current();
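Review bot: The two new DEBUG calls print `blob.length` with `%d`; if `blob.length` is a `size_t` (its declaration is not in this hunk), that is a mismatched format argument on LP64 builds, and the logged length of a rejected packet is exactly what someone triaging malformed traffic will rely on. Cast at the call site, e.g. `DEBUG(2,("Invalid SMB packet: length %ld\n", (long)blob.length));`, and do the same for the "Non-SMB packet" message. Separately, `CVAL(blob.data, 0)` is read before any length test, so the function relies on its caller never delivering an empty blob; a one-line comment stating that precondition would help, since the signature and the caller are outside this hunk.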
@@ -105,8 +132,29 @@
 		}
 	}
 
-	construct_reply(req);
+	if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
+		DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
+		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+		return NT_STATUS_OK;
+	}
+ 
+	if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
+		DEBUG(2,("Invalid SMB buffer length count %d\n", req->in.data_size));
+		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+		return NT_STATUS_OK;
+	}
 
+	req->flags	= CVAL(req->in.hdr, HDR_FLG);
+	req->flags2	= SVAL(req->in.hdr, HDR_FLG2);
+	req->smbpid	= SVAL(req->in.hdr, HDR_PID);
+
+	if (!req_signing_check_incoming(req)) {
+		req_reply_error(req, NT_STATUS_ACCESS_DENIED);
+		return NT_STATUS_OK;
+	}
+
+	command = CVAL(req->in.hdr, HDR_COM);
+	switch_message(command, req);
 	return NT_STATUS_OK;
 }
 
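Review bot: The word-count and byte-count checks still run only after `req` has been built and after the unseen lines above have filled `req->in.wct` and `req->in.data_size`, so unlike the length and magic tests they are not "before we create the request structure". Those parsing lines are outside this hunk; if they read the byte count at an offset derived from `wct`, that read should itself be bounded by `req->in.size`, otherwise the validation here comes after the access it is meant to guard. I would at least add a comment above the first check such as `/* wct and data_size come from the wire; nothing may index past the header until both checks pass */`. The terminate paths also return with `req` still allocated, presumably left for connection teardown to free, which is worth confirming.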
@@ -514,53 +562,6 @@
 	smb_messages[type].fn(req);
 }
 
-
-/****************************************************************************
- Construct a reply to the incoming packet.
-****************************************************************************/
-static void construct_reply(struct smbsrv_request *req)
-{
-	uint8_t type = CVAL(req->in.hdr,HDR_COM);
-
-	/* see if its a special NBT packet */
-	if (CVAL(req->in.buffer,0) != 0) {
-		reply_special(req);
-		return;
-	}
-
-	/* Make sure this is an SMB packet */	
-	if (memcmp(req->in.hdr,"\377SMB",4) != 0) {
-		DEBUG(2,("Non-SMB packet of length %d. Terminating connection\n", 
-			 req->in.size));
-		smbsrv_terminate_connection(req->smb_conn, "Non-SMB packet");
-		return;
-	}
-
-	if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
-		DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
-		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
-		return;
-	}
-
-	if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
-		DEBUG(2,("Invalid SMB buffer length count %d\n", req->in.data_size));
-		smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
-		return;
-	}
-
-	req->flags = CVAL(req->in.hdr, HDR_FLG);
-	req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
-	req->smbpid = SVAL(req->in.hdr,HDR_PID);
-
-	if (!req_signing_check_incoming(req)) {
-		req_reply_error(req, NT_STATUS_ACCESS_DENIED);
-		return;
-	}
-
-	switch_message(type, req);
-}
-
-
 /*
   we call this when first first part of a possibly chained request has been completed
   and we need to call the 2nd part, if any


