svn commit: samba r24357 - in branches/SAMBA_3_2/source/smbd: .

vlendec at samba.org vlendec at samba.org
Mon Aug 13 08:50:11 GMT 2007


Author: vlendec
Date: 2007-08-13 08:50:09 +0000 (Mon, 13 Aug 2007)
New Revision: 24357

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24357

Log:
Check wct in reply_nttrans[s]

Modified:
   branches/SAMBA_3_2/source/smbd/nttrans.c


Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/nttrans.c	2007-08-13 08:33:01 UTC (rev 24356)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c	2007-08-13 08:50:09 UTC (rev 24357)
@@ -3176,17 +3176,27 @@
 			char *inbuf,char *outbuf,int size,int bufsize)
 {
 	int  outsize = 0;
-	uint32 pscnt = IVAL(inbuf,smb_nt_ParameterCount);
-	uint32 psoff = IVAL(inbuf,smb_nt_ParameterOffset);
-	uint32 dscnt = IVAL(inbuf,smb_nt_DataCount);
-	uint32 dsoff = IVAL(inbuf,smb_nt_DataOffset);
-	
-	uint16 function_code = SVAL( inbuf, smb_nt_Function);
+	uint32 pscnt;
+	uint32 psoff;
+	uint32 dscnt;
+	uint32 dsoff;
+	uint16 function_code;
 	NTSTATUS result;
 	struct trans_state *state;
 
 	START_PROFILE(SMBnttrans);
 
+	if (CVAL(inbuf, smb_wct) < 19) {
+		END_PROFILE(SMBnttrans);
+		return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+	}
+
+	pscnt = IVAL(inbuf,smb_nt_ParameterCount);
+	psoff = IVAL(inbuf,smb_nt_ParameterOffset);
+	dscnt = IVAL(inbuf,smb_nt_DataCount);
+	dsoff = IVAL(inbuf,smb_nt_DataOffset);
+	function_code = SVAL( inbuf, smb_nt_Function);
+
 	if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
 		END_PROFILE(SMBnttrans);
 		return ERROR_DOS(ERRSRV,ERRaccess);
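Review bot: The new guard in reply_nttrans trusts the client-supplied `smb_wct` byte on its own. Nothing in the hunk shows that `size` actually covers 19 parameter words, so the `IVAL`/`SVAL` reads that follow are only in bounds if an earlier layer has already checked the packet length against wct; that is worth confirming, or a comparison against `size` could be added here. The literal `19` (and `18` in the reply_nttranss hunk) is unexplained, and a comment such as `/* NT_TRANSACT request: 19 fixed parameter words precede the setup words */` would tell the next reader why the two limits differ. The function signature begins above this hunk and the body continues below it.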
@@ -3353,6 +3363,11 @@
 
 	show_msg(inbuf);
 
+	if (CVAL(inbuf, smb_wct) < 18) {
+		END_PROFILE(SMBnttranss);
+		return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+	}
+
 	for (state = conn->pending_trans; state != NULL;
 	     state = state->next) {
 		if (state->mid == SVAL(inbuf,smb_mid)) {
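Review bot: The wct check in reply_nttranss sits after `show_msg(inbuf)`, so an undersized request is still handed to the dump routine before it is rejected. Unless show_msg is known not to depend on the word count, moving the check above that call would match reply_nttrans, where the guard comes before the field reads shown in the first hunk. The function starts outside this hunk, so any earlier reads of `inbuf` are not visible here.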


