[SCM] Samba Shared Repository - branch master updated -
fd2bac966783a9aa3f278cc67219920384bc0981
Volker Lendecke
vlendec at samba.org
Sat Dec 13 09:49:33 GMT 2008
The branch, master has been updated
via fd2bac966783a9aa3f278cc67219920384bc0981 (commit)
from 3c66ba0b3cfe9114f28368c30305103ffec68f57 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fd2bac966783a9aa3f278cc67219920384bc0981
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 19 22:55:06 2008 +0100
For read&x replies, check the offset
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/clireadwrite.c | 19 +++++++++++++++++++
1 files changed, 19 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index ecf4939..1c2a0d5 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -109,6 +109,7 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
uint16_t *vwv;
uint16_t num_bytes;
uint8_t *bytes;
+ uint8_t *buf;
NTSTATUS status;
size_t size;
@@ -136,6 +137,24 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
return NT_STATUS_UNEXPECTED_IO_ERROR;
}
+ /*
+ * bcc field must be valid for small reads, for large reads the 16-bit
+ * bcc field can't be correct.
+ */
+
+ if ((size < 0xffff) && (size > num_bytes)) {
+ DEBUG(5, ("server announced more bytes than sent\n"));
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ buf = (uint8_t *)smb_base(cli_req->inbuf) + SVAL(vwv+6, 0);
+
+ if (trans_oob(smb_len(cli_req->inbuf), SVAL(vwv+6, 0), size)
+ || (buf < bytes)) {
+ DEBUG(5, ("server returned invalid read&x data offset\n"));
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
*rcvbuf = (uint8_t *)(smb_base(cli_req->inbuf) + SVAL(vwv + 6, 0));
*received = size;
return NT_STATUS_OK;
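Review bot: The pointer that gets validated is not the one returned: the unchanged assignment after the new check recomputes `smb_base(cli_req->inbuf) + SVAL(vwv + 6, 0)` instead of reusing `buf`, so the check and the use can drift apart in a later edit; `*rcvbuf = buf;` would tie them together. `buf` is also formed from the server-supplied 16-bit offset before `trans_oob()` has accepted it, so a pointer past the end of the input buffer can be created even though it is never dereferenced; assigning `buf` only after the `trans_oob()` test passes and then testing `buf < bytes` avoids that. A short comment on the `buf < bytes` test, such as `/* data offset must not point back into the header or parameter words */`, would record what is presumably the intent. cli_read_andx_recv starts and ends outside the hunk, so how `size` and `bytes` are derived is not visible here.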
--
Samba Shared Repository