From: Stefan Metzmacher
Date: Tue, 9 Mar 2021 08:35:53 +0000 (+0100)
Subject: libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements
X-Git-Tag: tevent-0.11.0~1513
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f54fb828903a69b9703124b9ecd2514ea0992c45;p=thirdparty%2Fsamba.git
libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements
We expect the following: * SMB2 HDR * SMB2 BODY FIXED * (optional) SMB2 BODY DYN * (optional) PADDING Everything else is a bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher
Reviewed-by: Jeremy Allison
---
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 6da289dc434..6c48cdb73d4 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -73,8 +73,16 @@ static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key *signing_key
 gnutls_mac_algorithm_t hmac_algo = GNUTLS_MAC_UNKNOWN;
 int i;
+ /*
+ * We expect
+ * - SMB2 HDR
+ * - SMB2 BODY FIXED
+ * - (optional) SMB2 BODY DYN
+ * - (optional) PADDING
+ */
 SMB_ASSERT(count >= 2);
 SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
+ SMB_ASSERT(count <= 4);
 switch (sign_algo_id) {
 case SMB2_SIGNING_AES128_CMAC:
@@ -171,13 +179,16 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
 uint8_t res[16];
 int i;
- if (count < 2) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (vector[0].iov_len != SMB2_HDR_BODY) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ /*
+ * We expect
+ * - SMB2 HDR
+ * - SMB2 BODY FIXED
+ * - (optional) SMB2 BODY DYN
+ * - (optional) PADDING
+ */
+ SMB_ASSERT(count >= 2);
+ SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
+ SMB_ASSERT(count <= 4);
 hdr = (uint8_t *)vector[0].iov_base;
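Review bot: The seven-line layout comment and the three `SMB_ASSERT` lines added in smb2_signing_calc_signature() are repeated verbatim in smb2_signing_sign_pdu() and smb2_signing_check_pdu() further down, so the 2-4 element contract now lives in three copies that can drift apart. One static helper called from all three places would keep the bounds and the comment in a single spot, and it lets both `count` checks run before `vector[0]` is read. The parameter types in the sketch are assumed from the `iov_len`/`iov_base` accesses and need to match the real signatures, which start outside the hunk.

```c
/*
 * We expect
 * - SMB2 HDR
 * - SMB2 BODY FIXED
 * - (optional) SMB2 BODY DYN
 * - (optional) PADDING
 */
static void smb2_signing_assert_vector(const struct iovec *vector, int count)
{
	SMB_ASSERT(count >= 2);
	SMB_ASSERT(count <= 4);
	SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
}

/* ... unchanged: declarations at the top of each of the three functions ... */
	smb2_signing_assert_vector(vector, count);
```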
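Review bot: In smb2_signing_sign_pdu() the two `return NT_STATUS_INVALID_PARAMETER;` paths are replaced by `SMB_ASSERT`, and a new upper bound `SMB_ASSERT(count <= 4);` is added, so a vector that used to be rejected with an error now takes the whole process down (SMB_ASSERT panics in Samba as far as I know, and is not compiled out). That is safe only if every caller builds the iovec array itself; the callers are not visible here, so it is worth confirming that no path derives `count` from how a peer's message was split, otherwise an unusual PDU becomes a denial of service rather than a failed request. The same question applies to the new `SMB_ASSERT(count <= 4);` in smb2_signing_check_pdu() in the next hunk, which handles the PDU being verified. I would record the contract on both public functions, e.g. `/* vector must hold 2-4 locally built iovecs; anything else panics via SMB_ASSERT */`, and keep the `NT_STATUS_INVALID_PARAMETER` return for any caller where that cannot be guaranteed.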
@@ -288,8 +299,16 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
 uint8_t res[16];
 NTSTATUS status;
+ /*
+ * We expect
+ * - SMB2 HDR
+ * - SMB2 BODY FIXED
+ * - (optional) SMB2 BODY DYN
+ * - (optional) PADDING
+ */
 SMB_ASSERT(count >= 2);
 SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
+ SMB_ASSERT(count <= 4);
 hdr = (const uint8_t *)vector[0].iov_base;