svn commit: samba r23939 - in branches: SAMBA_3_0_25/source/smbd
SAMBA_3_2/source/smbd SAMBA_3_2_0/source/smbd
jra at samba.org
jra at samba.org
Tue Jul 17 23:01:04 GMT 2007
Author: jra
Date: 2007-07-17 23:01:02 +0000 (Tue, 17 Jul 2007)
New Revision: 23939
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23939
Log:
Fixes for notify returns. Returned param value must fit inside
max_param or return NT_STATUS_OK.
Jeremy.
Modified:
branches/SAMBA_3_0_25/source/smbd/notify.c
branches/SAMBA_3_0_25/source/smbd/nttrans.c
branches/SAMBA_3_2/source/smbd/notify.c
branches/SAMBA_3_2/source/smbd/nttrans.c
branches/SAMBA_3_2_0/source/smbd/notify.c
branches/SAMBA_3_2_0/source/smbd/nttrans.c
Changeset:
Modified: branches/SAMBA_3_0_25/source/smbd/notify.c
===================================================================
--- branches/SAMBA_3_0_25/source/smbd/notify.c 2007-07-17 21:55:31 UTC (rev 23938)
+++ branches/SAMBA_3_0_25/source/smbd/notify.c 2007-07-17 23:01:02 UTC (rev 23939)
@@ -22,15 +22,12 @@
#include "includes.h"
-/* Max size we can send to client in a notify response. */
-extern int max_send;
-
struct notify_change_request {
struct notify_change_request *prev, *next;
struct files_struct *fsp; /* backpointer for cancel by mid */
char request_buf[smb_size];
uint32 filter;
- uint32 current_bufsize;
+ uint32 max_param;
struct notify_mid_map *mid_map;
void *backend_data;
};
@@ -62,8 +59,9 @@
}
static BOOL notify_marshall_changes(int num_changes,
- struct notify_change *changes,
- prs_struct *ps)
+ uint32 max_offset,
+ struct notify_change *changes,
+ prs_struct *ps)
{
int i;
UNISTR uni_name;
@@ -113,6 +111,11 @@
prs_set_offset(ps, prs_offset(ps)-2);
SAFE_FREE(uni_name.buffer);
+
+ if (prs_offset(ps) > max_offset) {
+ /* Too much data for client. */
+ return False;
+ }
}
return True;
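Review bot: After the added `prs_offset(ps) > max_offset` test, a `False` return from notify_marshall_changes() can mean either "the client's limit was exceeded" or, presumably, one of the earlier marshalling failures that the old caller reported as NT_STATUS_NO_MEMORY. The caller can no longer tell the two apart. The test also runs only after the entry has been appended, so the parse buffer grows by one entry past the limit before the function rejects it. I would at least document the contract above the function, for example `/* Returns False if marshalling fails or the marshalled data exceeds max_offset bytes. */`, or return a distinct status for the size case. The function body starts and ends outside this hunk, and the same applies to the identical hunks in SAMBA_3_2 and SAMBA_3_2_0 notify.c.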
@@ -148,7 +151,7 @@
"failed.");
}
-void change_notify_reply(const char *request_buf,
+void change_notify_reply(const char *request_buf, uint32 max_param,
struct notify_change_buf *notify_buf)
{
char *outbuf = NULL;
@@ -160,16 +163,10 @@
return;
}
- if (!prs_init(&ps, 0, NULL, False)
- || !notify_marshall_changes(notify_buf->num_changes,
- notify_buf->changes, &ps)) {
- change_notify_reply_packet(request_buf, NT_STATUS_NO_MEMORY);
- goto done;
- }
+ prs_init(&ps, 0, NULL, False);
- buflen = smb_size+38+prs_offset(&ps) + 4 /* padding */;
-
- if (buflen > max_send) {
+ if (!notify_marshall_changes(notify_buf->num_changes, max_param,
+ notify_buf->changes, &ps)) {
/*
* We exceed what the client is willing to accept. Send
* nothing.
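Review bot: The return value of `prs_init(&ps, 0, NULL, False);` is now discarded, and the `buflen > max_send` test is removed. The only remaining cap on the reply is `max_param`, which nttrans.c fills from the request's `max_param_count`, a value the client supplies. If that count can be larger than the negotiated send size, the reply built after this hunk may exceed what the old `max_send` test allowed. The rest of change_notify_reply() is outside the hunk, so this needs confirming against the code that sizes and sends `outbuf`. I would keep the `if (!prs_init(...))` failure path that replies with NT_STATUS_NO_MEMORY, and bound `max_param` by the space left under `max_send` before calling notify_marshall_changes(). The same change appears in the SAMBA_3_2 and SAMBA_3_2_0 copies of notify.c.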
@@ -238,7 +235,7 @@
return status;
}
-NTSTATUS change_notify_add_request(const char *inbuf,
+NTSTATUS change_notify_add_request(const char *inbuf, uint32 max_param,
uint32 filter, BOOL recursive,
struct files_struct *fsp)
{
@@ -255,11 +252,11 @@
map->req = request;
memcpy(request->request_buf, inbuf, sizeof(request->request_buf));
- request->current_bufsize = 0;
+ request->max_param = max_param;
request->filter = filter;
request->fsp = fsp;
request->backend_data = NULL;
-
+
DLIST_ADD_END(fsp->notify->requests, request,
struct notify_change_request *);
@@ -431,6 +428,7 @@
*/
change_notify_reply(fsp->notify->requests->request_buf,
+ fsp->notify->requests->max_param,
fsp->notify);
change_notify_remove_request(fsp->notify->requests);
Modified: branches/SAMBA_3_0_25/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_0_25/source/smbd/nttrans.c 2007-07-17 21:55:31 UTC (rev 23938)
+++ branches/SAMBA_3_0_25/source/smbd/nttrans.c 2007-07-17 23:01:02 UTC (rev 23939)
@@ -1979,7 +1979,7 @@
* here.
*/
- change_notify_reply(inbuf, fsp->notify);
+ change_notify_reply(inbuf, max_param_count, fsp->notify);
/*
* change_notify_reply() above has independently sent its
@@ -1992,7 +1992,8 @@
* No changes pending, queue the request
*/
- status = change_notify_add_request(inbuf, filter, recursive, fsp);
+ status = change_notify_add_request(inbuf, max_param_count, filter,
+ recursive, fsp);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
Modified: branches/SAMBA_3_2/source/smbd/notify.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/notify.c 2007-07-17 21:55:31 UTC (rev 23938)
+++ branches/SAMBA_3_2/source/smbd/notify.c 2007-07-17 23:01:02 UTC (rev 23939)
@@ -21,15 +21,12 @@
#include "includes.h"
-/* Max size we can send to client in a notify response. */
-extern int max_send;
-
struct notify_change_request {
struct notify_change_request *prev, *next;
struct files_struct *fsp; /* backpointer for cancel by mid */
char request_buf[smb_size];
uint32 filter;
- uint32 current_bufsize;
+ uint32 max_param;
struct notify_mid_map *mid_map;
void *backend_data;
};
@@ -61,8 +58,9 @@
}
static BOOL notify_marshall_changes(int num_changes,
- struct notify_change *changes,
- prs_struct *ps)
+ uint32 max_offset,
+ struct notify_change *changes,
+ prs_struct *ps)
{
int i;
UNISTR uni_name;
@@ -112,6 +110,11 @@
prs_set_offset(ps, prs_offset(ps)-2);
SAFE_FREE(uni_name.buffer);
+
+ if (prs_offset(ps) > max_offset) {
+ /* Too much data for client. */
+ return False;
+ }
}
return True;
@@ -148,7 +151,7 @@
"failed.");
}
-void change_notify_reply(const char *request_buf,
+void change_notify_reply(const char *request_buf, uint32 max_param,
struct notify_change_buf *notify_buf)
{
char *outbuf = NULL;
@@ -160,16 +163,10 @@
return;
}
- if (!prs_init(&ps, 0, NULL, False)
- || !notify_marshall_changes(notify_buf->num_changes,
- notify_buf->changes, &ps)) {
- change_notify_reply_packet(request_buf, NT_STATUS_NO_MEMORY);
- goto done;
- }
+ prs_init(&ps, 0, NULL, False);
- buflen = smb_size+38+prs_offset(&ps) + 4 /* padding */;
-
- if (buflen > max_send) {
+ if (!notify_marshall_changes(notify_buf->num_changes, max_param,
+ notify_buf->changes, &ps)) {
/*
* We exceed what the client is willing to accept. Send
* nothing.
@@ -238,7 +235,7 @@
return status;
}
-NTSTATUS change_notify_add_request(const char *inbuf,
+NTSTATUS change_notify_add_request(const char *inbuf, uint32 max_param,
uint32 filter, BOOL recursive,
struct files_struct *fsp)
{
@@ -255,11 +252,11 @@
map->req = request;
memcpy(request->request_buf, inbuf, sizeof(request->request_buf));
- request->current_bufsize = 0;
+ request->max_param = max_param;
request->filter = filter;
request->fsp = fsp;
request->backend_data = NULL;
-
+
DLIST_ADD_END(fsp->notify->requests, request,
struct notify_change_request *);
@@ -431,6 +428,7 @@
*/
change_notify_reply(fsp->notify->requests->request_buf,
+ fsp->notify->requests->max_param,
fsp->notify);
change_notify_remove_request(fsp->notify->requests);
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/nttrans.c 2007-07-17 21:55:31 UTC (rev 23938)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c 2007-07-17 23:01:02 UTC (rev 23939)
@@ -2045,7 +2045,7 @@
* here.
*/
- change_notify_reply(inbuf, fsp->notify);
+ change_notify_reply(inbuf, max_param_count, fsp->notify);
/*
* change_notify_reply() above has independently sent its
@@ -2058,7 +2058,8 @@
* No changes pending, queue the request
*/
- status = change_notify_add_request(inbuf, filter, recursive, fsp);
+ status = change_notify_add_request(inbuf, max_param_count, filter,
+ recursive, fsp);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}
Modified: branches/SAMBA_3_2_0/source/smbd/notify.c
===================================================================
--- branches/SAMBA_3_2_0/source/smbd/notify.c 2007-07-17 21:55:31 UTC (rev 23938)
+++ branches/SAMBA_3_2_0/source/smbd/notify.c 2007-07-17 23:01:02 UTC (rev 23939)
@@ -21,15 +21,12 @@
#include "includes.h"
-/* Max size we can send to client in a notify response. */
-extern int max_send;
-
struct notify_change_request {
struct notify_change_request *prev, *next;
struct files_struct *fsp; /* backpointer for cancel by mid */
char request_buf[smb_size];
uint32 filter;
- uint32 current_bufsize;
+ uint32 max_param;
struct notify_mid_map *mid_map;
void *backend_data;
};
@@ -61,8 +58,9 @@
}
static BOOL notify_marshall_changes(int num_changes,
- struct notify_change *changes,
- prs_struct *ps)
+ uint32 max_offset,
+ struct notify_change *changes,
+ prs_struct *ps)
{
int i;
UNISTR uni_name;
@@ -112,6 +110,11 @@
prs_set_offset(ps, prs_offset(ps)-2);
SAFE_FREE(uni_name.buffer);
+
+ if (prs_offset(ps) > max_offset) {
+ /* Too much data for client. */
+ return False;
+ }
}
return True;
@@ -147,7 +150,7 @@
"failed.");
}
-void change_notify_reply(const char *request_buf,
+void change_notify_reply(const char *request_buf, uint32 max_param,
struct notify_change_buf *notify_buf)
{
char *outbuf = NULL;
@@ -159,16 +162,10 @@
return;
}
- if (!prs_init(&ps, 0, NULL, False)
- || !notify_marshall_changes(notify_buf->num_changes,
- notify_buf->changes, &ps)) {
- change_notify_reply_packet(request_buf, NT_STATUS_NO_MEMORY);
- goto done;
- }
+ prs_init(&ps, 0, NULL, False);
- buflen = smb_size+38+prs_offset(&ps) + 4 /* padding */;
-
- if (buflen > max_send) {
+ if (!notify_marshall_changes(notify_buf->num_changes, max_param,
+ notify_buf->changes, &ps)) {
/*
* We exceed what the client is willing to accept. Send
* nothing.
@@ -237,7 +234,7 @@
return status;
}
-NTSTATUS change_notify_add_request(const char *inbuf,
+NTSTATUS change_notify_add_request(const char *inbuf, uint32 max_param,
uint32 filter, BOOL recursive,
struct files_struct *fsp)
{
@@ -254,11 +251,11 @@
map->req = request;
memcpy(request->request_buf, inbuf, sizeof(request->request_buf));
- request->current_bufsize = 0;
+ request->max_param = max_param;
request->filter = filter;
request->fsp = fsp;
request->backend_data = NULL;
-
+
DLIST_ADD_END(fsp->notify->requests, request,
struct notify_change_request *);
@@ -430,6 +427,7 @@
*/
change_notify_reply(fsp->notify->requests->request_buf,
+ fsp->notify->requests->max_param,
fsp->notify);
change_notify_remove_request(fsp->notify->requests);
Modified: branches/SAMBA_3_2_0/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_2_0/source/smbd/nttrans.c 2007-07-17 21:55:31 UTC (rev 23938)
+++ branches/SAMBA_3_2_0/source/smbd/nttrans.c 2007-07-17 23:01:02 UTC (rev 23939)
@@ -2039,7 +2039,7 @@
* here.
*/
- change_notify_reply(inbuf, fsp->notify);
+ change_notify_reply(inbuf, max_param_count, fsp->notify);
/*
* change_notify_reply() above has independently sent its
@@ -2052,7 +2052,8 @@
* No changes pending, queue the request
*/
- status = change_notify_add_request(inbuf, filter, recursive, fsp);
+ status = change_notify_add_request(inbuf, max_param_count, filter,
+ recursive, fsp);
if (!NT_STATUS_IS_OK(status)) {
return ERROR_NT(status);
}