svn commit: samba r24090 - in branches/SAMBA_3_2/source/smbd: .

vlendec at samba.org vlendec at samba.org
Tue Jul 31 08:37:56 GMT 2007 

Author: vlendec
Date: 2007-07-31 08:37:54 +0000 (Tue, 31 Jul 2007)
New Revision: 24090

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24090

Log:
Separate parsing in reply_ntcreate_and_X

In particular, check if we have enough parameters

Modified:
   branches/SAMBA_3_2/source/smbd/nttrans.c


Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/nttrans.c	2007-07-31 08:06:56 UTC (rev 24089)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c	2007-07-31 08:37:54 UTC (rev 24090)
@@ -484,13 +484,14 @@
 {  
 	int result;
 	pstring fname;
-	uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
-	uint32 access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
-	uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
-	uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
-	uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
-	uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
-	uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+	uint32 flags;
+	uint32 access_mask;
+	uint32 file_attributes;
+	uint32 share_access;
+	uint32 create_disposition;
+	uint32 create_options;
+	uint16 root_dir_fid;
+	SMB_BIG_UINT allocation_size;
 	/* Breakout the oplock request bits so we can set the
 	   reply bits separately. */
 	int oplock_request = 0;
@@ -510,6 +511,25 @@
 
 	START_PROFILE(SMBntcreateX);
 
+	init_smb_request(&req, (uint8 *)inbuf);
+
+	if (req.wct < 24) {
+		return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+	}
+
+	flags = IVAL(inbuf,smb_ntcreate_Flags);
+	access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
+	file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
+	share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
+	create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
+	create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
+	root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+
+	allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize);
+#ifdef LARGE_SMB_OFF_T
+	allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) << 32);
+#endif
+
 	DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
 		  "file_attributes = 0x%x, share_access = 0x%x, "
 		  "create_disposition = 0x%x create_options = 0x%x "
@@ -522,8 +542,6 @@
 			(unsigned int)create_options,
 			(unsigned int)root_dir_fid ));
 
-	init_smb_request(&req, (uint8 *)inbuf);
-
 	/*
 	 * If it's an IPC, use the pipe handler.
 	 */
@@ -562,7 +580,7 @@
 
 		if(!dir_fsp->is_directory) {
 
-			srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname,
+			srvstr_get_path(inbuf, req.flags2, fname,
 					smb_buf(inbuf), sizeof(fname), 0,
 					STR_TERMINATE, &status);
 			if (!NT_STATUS_IS_OK(status)) {
@@ -606,7 +624,7 @@
 			dir_name_len++;
 		}
 
-		srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), rel_fname,
+		srvstr_get_path(inbuf, req.flags2, rel_fname,
 				smb_buf(inbuf), sizeof(rel_fname), 0,
 				STR_TERMINATE, &status);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -615,7 +633,7 @@
 		}
 		pstrcat(fname, rel_fname);
 	} else {
-		srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname,
+		srvstr_get_path(inbuf, req.flags2, fname,
 				smb_buf(inbuf), sizeof(fname), 0,
 				STR_TERMINATE, &status);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -654,7 +672,7 @@
 	 * Now contruct the smb_open_mode value from the filename, 
 	 * desired access and the share access.
 	 */
-	status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES, fname);
+	status = resolve_dfspath(conn, req.flags2 & FLAGS2_DFS_PATHNAMES, fname);
 	if (!NT_STATUS_IS_OK(status)) {
 		END_PROFILE(SMBntcreateX);
 		if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
@@ -842,7 +860,7 @@
 			} else {
 				TALLOC_FREE(case_state);
 				END_PROFILE(SMBntcreateX);
-				if (open_was_deferred(SVAL(inbuf,smb_mid))) {
+				if (open_was_deferred(req.mid)) {
 					/* We have re-scheduled this call. */
 					return -1;
 				}
@@ -866,10 +884,6 @@
 	
 	/* Save the requested allocation size. */
 	if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
-		SMB_BIG_UINT allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize);
-#ifdef LARGE_SMB_OFF_T
-		allocation_size |= (((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) << 32);
-#endif
 		if (allocation_size && (allocation_size > (SMB_BIG_UINT)file_len)) {
 			fsp->initial_allocation_size = smb_roundup(fsp->conn, allocation_size);
 			if (fsp->is_directory) {

More information about the samba-cvs mailing list