svn commit: samba r11724 - in branches/SAMBA_4_0/source: include
smb_server
metze at samba.org
metze at samba.org
Mon Nov 14 13:50:57 GMT 2005
Author: metze
Date: 2005-11-14 13:50:56 +0000 (Mon, 14 Nov 2005)
New Revision: 11724
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11724
Log:
- move the packet size and protocol version checks
to before we create the request structure
- move code into one function
metze
Modified:
branches/SAMBA_4_0/source/include/smb.h
branches/SAMBA_4_0/source/smb_server/smb_server.c
Changeset:
Modified: branches/SAMBA_4_0/source/include/smb.h
===================================================================
--- branches/SAMBA_4_0/source/include/smb.h 2005-11-14 13:31:47 UTC (rev 11723)
+++ branches/SAMBA_4_0/source/include/smb.h 2005-11-14 13:50:56 UTC (rev 11724)
@@ -204,6 +204,8 @@
/* 64 bit time (100 nanosec) 1601 - cifs6.txt, section 3.5, page 30, 4 byte aligned */
typedef uint64_t NTTIME;
+#define SMB_MAGIC 0x424D53FF /* 0xFF 'S' 'M' 'B' */
+
/* the basic packet size, assuming no words or bytes. Does not include the NBT header */
#define MIN_SMB_SIZE 35
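Review bot: The comment on `SMB_MAGIC` lists the bytes in wire order, but the constant only matches them when compared against a little-endian 32-bit load, which is how the new `IVAL(blob.data, NBT_HDR_SIZE)` test in smb_server.c uses it. Saying so in the header keeps a later caller from comparing it with a host-order or big-endian read and silently rejecting or accepting the wrong packets. Suggested wording: `/* 0xFF 'S' 'M' 'B' on the wire, as read by IVAL() (little-endian) */`.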
Modified: branches/SAMBA_4_0/source/smb_server/smb_server.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/smb_server.c 2005-11-14 13:31:47 UTC (rev 11723)
+++ branches/SAMBA_4_0/source/smb_server/smb_server.c 2005-11-14 13:50:56 UTC (rev 11724)
@@ -62,9 +62,8 @@
return True;
}
+static void switch_message(int type, struct smbsrv_request *req);
-static void construct_reply(struct smbsrv_request *req);
-
/****************************************************************************
receive a SMB request header from the wire, forming a request_context
from the result
@@ -73,12 +72,40 @@
{
struct smbsrv_connection *smb_conn = talloc_get_type(private, struct smbsrv_connection);
struct smbsrv_request *req;
+ uint8_t command;
- req = init_smb_request(smb_conn);
- if (req == NULL) {
- return NT_STATUS_NO_MEMORY;
+ /* see if its a special NBT packet */
+ if (CVAL(blob.data, 0) != 0) {
+ req = init_smb_request(smb_conn);
+ NT_STATUS_HAVE_NO_MEMORY(req);
+
+ ZERO_STRUCT(req->in);
+
+ req->in.buffer = talloc_steal(req, blob.data);
+ req->in.size = blob.length;
+ req->request_time = timeval_current();
+
+ reply_special(req);
+ return NT_STATUS_OK;
}
+ if ((NBT_HDR_SIZE + MIN_SMB_SIZE) > blob.length) {
+ DEBUG(2,("Invalid SMB packet: length %d\n", blob.length));
+ smbsrv_terminate_connection(smb_conn, "Invalid SMB packet");
+ return NT_STATUS_OK;
+ }
+
+ /* Make sure this is an SMB packet */
+ if (IVAL(blob.data, NBT_HDR_SIZE) != SMB_MAGIC) {
+ DEBUG(2,("Non-SMB packet of length %d. Terminating connection\n",
+ blob.length));
+ smbsrv_terminate_connection(smb_conn, "Non-SMB packet");
+ return NT_STATUS_OK;
+ }
+
+ req = init_smb_request(smb_conn);
+ NT_STATUS_HAVE_NO_MEMORY(req);
+
req->in.buffer = talloc_steal(req, blob.data);
req->in.size = blob.length;
req->request_time = timeval_current();
@@ -105,8 +132,29 @@
}
}
- construct_reply(req);
+ if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
+ DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
+ smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+ return NT_STATUS_OK;
+ }
+
+ if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
+ DEBUG(2,("Invalid SMB buffer length count %d\n", req->in.data_size));
+ smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
+ return NT_STATUS_OK;
+ }
+ req->flags = CVAL(req->in.hdr, HDR_FLG);
+ req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
+ req->smbpid = SVAL(req->in.hdr, HDR_PID);
+
+ if (!req_signing_check_incoming(req)) {
+ req_reply_error(req, NT_STATUS_ACCESS_DENIED);
+ return NT_STATUS_OK;
+ }
+
+ command = CVAL(req->in.hdr, HDR_COM);
+ switch_message(command, req);
return NT_STATUS_OK;
}
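Review bot: The word-count and buffer-length reject paths return `NT_STATUS_OK` while `req` is still allocated and, after the `talloc_steal` earlier in the function, owns the packet buffer; nothing in the hunk shows who releases it. If `req` is a talloc child of `smb_conn` and `smbsrv_terminate_connection()` frees the connection, that is fine, but it is worth confirming and recording, e.g. `/* req is owned by smb_conn and is released when the connection is torn down */` above the first check. Otherwise each malformed packet leaves a request and its buffer allocated until teardown actually happens. A one-line comment above `req_signing_check_incoming(req)` stating that no command handler may run before the signature is verified would also protect that ordering from later refactors. The lines that fill in `req->in.wct` and `req->in.data_size` sit between the hunks and are not visible here.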
@@ -514,53 +562,6 @@
smb_messages[type].fn(req);
}
-
-/****************************************************************************
- Construct a reply to the incoming packet.
-****************************************************************************/
-static void construct_reply(struct smbsrv_request *req)
-{
- uint8_t type = CVAL(req->in.hdr,HDR_COM);
-
- /* see if its a special NBT packet */
- if (CVAL(req->in.buffer,0) != 0) {
- reply_special(req);
- return;
- }
-
- /* Make sure this is an SMB packet */
- if (memcmp(req->in.hdr,"\377SMB",4) != 0) {
- DEBUG(2,("Non-SMB packet of length %d. Terminating connection\n",
- req->in.size));
- smbsrv_terminate_connection(req->smb_conn, "Non-SMB packet");
- return;
- }
-
- if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct > req->in.size) {
- DEBUG(2,("Invalid SMB word count %d\n", req->in.wct));
- smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
- return;
- }
-
- if (NBT_HDR_SIZE + MIN_SMB_SIZE + 2*req->in.wct + req->in.data_size > req->in.size) {
- DEBUG(2,("Invalid SMB buffer length count %d\n", req->in.data_size));
- smbsrv_terminate_connection(req->smb_conn, "Invalid SMB packet");
- return;
- }
-
- req->flags = CVAL(req->in.hdr, HDR_FLG);
- req->flags2 = SVAL(req->in.hdr, HDR_FLG2);
- req->smbpid = SVAL(req->in.hdr,HDR_PID);
-
- if (!req_signing_check_incoming(req)) {
- req_reply_error(req, NT_STATUS_ACCESS_DENIED);
- return;
- }
-
- switch_message(type, req);
-}
-
-
/*
we call this when first first part of a possibly chained request has been completed
and we need to call the 2nd part, if any