From: Stefan Metzmacher Date: Sun, 5 Aug 2012 18:48:51 +0000 (+0200) Subject: s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_cre... X-Git-Tag: ldb-1.1.10~85 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fbd663c1437c104e9bc7f8f51fdef3747a111935;p=thirdparty%2Fsamba.git s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_create() metze --- diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 7334f93f90d..70024792461 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -285,15 +285,16 @@ inval: } static NTSTATUS smbd_smb2_request_create(struct smbd_server_connection *sconn, - const uint8_t *inbuf, size_t size, + uint8_t *inbuf, size_t size, struct smbd_smb2_request **_req) { struct smbd_smb2_request *req; uint32_t protocol_version; const uint8_t *inhdr = NULL; - off_t ofs = 0; uint16_t cmd; uint32_t next_command_ofs; + NTSTATUS status; + NTTIME now; if (size < (4 + SMB2_HDR_BODY + 2)) { DEBUG(0,("Invalid SMB2 packet length count %ld\n", (long)size)); @@ -331,36 +332,22 @@ static NTSTATUS smbd_smb2_request_create(struct smbd_server_connection *sconn, talloc_steal(req, inbuf); - req->in.vector = talloc_array(req, struct iovec, 4); - if (req->in.vector == NULL) { - TALLOC_FREE(req); - return NT_STATUS_NO_MEMORY; - } - req->in.vector_count = 4; - memcpy(req->in.nbt_hdr, inbuf, 4); - ofs = 0; - req->in.vector[0].iov_base = discard_const_p(void, req->in.nbt_hdr); - req->in.vector[0].iov_len = 4; - ofs += req->in.vector[0].iov_len; - - req->in.vector[1].iov_base = discard_const_p(void, (inbuf + ofs)); - req->in.vector[1].iov_len = SMB2_HDR_BODY; - ofs += req->in.vector[1].iov_len; - - req->in.vector[2].iov_base = discard_const_p(void, (inbuf + ofs)); - req->in.vector[2].iov_len = SVAL(inbuf, ofs) & 0xFFFE; - ofs += req->in.vector[2].iov_len; - - if (ofs > size) { - return NT_STATUS_INVALID_PARAMETER; + req->request_time = timeval_current(); + now = timeval_to_nttime(&req->request_time); + + status = smbd_smb2_inbuf_parse_compound(sconn->conn, + now, + inbuf + NBT_HDR_SIZE, + size - NBT_HDR_SIZE, + req, &req->in.vector, + &req->in.vector_count); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(req); + return status; } - req->in.vector[3].iov_base = discard_const_p(void, (inbuf + ofs)); - req->in.vector[3].iov_len = size - ofs; - ofs += req->in.vector[3].iov_len; - req->current_idx = 1; *_req = req;