From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 14 Aug 2009 09:14:42 +0000 (+0200)
Subject: s3:smbd: fix parsing of the SMB2 body
X-Git-Tag: talloc-2.0.0~383
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=86ea1c4d24c80ada573fe6f91ea56c1bace2f906;p=thirdparty%2Fsamba.git

s3:smbd: fix parsing of the SMB2 body

Maybe there's no dynamic part on the wire.

metze
---

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 1b22c827245..f4605ddde9c 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1328,7 +1328,13 @@ static int smbd_smb2_request_next_vector(struct tstream_context *stream,
 				 * body and let the caller deal with the error
 				 */
 				invalid = true;
-			} else if (body_size > (full_size - SMB2_HDR_BODY)) {
+			}
+
+			if ((body_size % 2) != 0) {
+				body_size -= 1;
+			}
+
+			if (body_size > (full_size - SMB2_HDR_BODY)) {
 				/*
 				 * this is invalid, just return a zero
 				 * body and let the caller deal with the error
@@ -1342,10 +1348,6 @@ static int smbd_smb2_request_next_vector(struct tstream_context *stream,
 			body_size = 2;
 		}
 
-		if ((body_size % 2) != 0) {
-			body_size -= 1;
-		}
-
 		dyn_size = full_size - (SMB2_HDR_BODY + body_size);
 
 		state->missing -= (body_size - 2) + dyn_size;