s3: smbd: Remove unneeded 'out_of_space' parameter from smbd_dirptr_lanman2_entry().
authorJeremy Allison <jra@samba.org>
Tue, 26 Aug 2014 21:54:56 +0000 (14:54 -0700)
committerDavid Disseldorp <ddiss@samba.org>
Mon, 15 Sep 2014 23:56:55 +0000 (01:56 +0200)
This can now be handled by checking for the STATUS_MORE_ENTRIES error return.

Bug 10775 - smbd crashes when accessing garbage filenames

https://bugzilla.samba.org/show_bug.cgi?id=10775

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
source3/smbd/globals.h
source3/smbd/smb2_find.c
source3/smbd/trans2.c

index 20ab75d446d844a7a214722bdf04634d6bd40807..5a8e3bd7462ad80b9d3d1d01650cbea9de4d60ef 100644 (file)
@@ -201,7 +201,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
                               char *base_data,
                               char *end_data,
                               int space_remaining,
-                              bool *out_of_space,
                               bool *got_exact_match,
                               int *_last_entry_off,
                               struct ea_list *name_list);
index af9995e4239a0c560fab8627b4cdecad1a476140..2dab86b5676b535fd7f1a52d0d52033419b2075e 100644 (file)
@@ -433,7 +433,6 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
 
        while (true) {
                bool got_exact_match = false;
-               bool out_of_space = false;
                int space_remaining = in_output_buffer_length - off;
 
                SMB_ASSERT(space_remaining >= 0);
@@ -454,7 +453,6 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
                                               base_data,
                                               end_data,
                                               space_remaining,
-                                              &out_of_space,
                                               &got_exact_match,
                                               &last_entry_off,
                                               NULL);
index 2d6c261f189b44d380a8f8f8464cb9b21e30dd19..e4d64e80f43d694781c6074a0e69584e50653828 100644 (file)
@@ -2228,7 +2228,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
                               char *base_data,
                               char *end_data,
                               int space_remaining,
-                              bool *out_of_space,
                               bool *got_exact_match,
                               int *_last_entry_off,
                               struct ea_list *name_list)
@@ -2251,7 +2250,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
        state.has_wild = dptr_has_wild(dirptr);
        state.got_exact_match = false;
 
-       *out_of_space = false;
        *got_exact_match = false;
 
        p = strrchr_m(path_mask,'/');
@@ -2304,7 +2302,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
        TALLOC_FREE(fname);
        TALLOC_FREE(smb_fname);
        if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
-               *out_of_space = true;
                dptr_SeekDir(dirptr, prev_dirpos);
                return status;
        }
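Review bot: With the out-parameter gone, STATUS_MORE_ENTRIES is the only way smbd_dirptr_lanman2_entry() reports that an entry did not fit, and neither this branch nor the prototype in globals.h documents that contract. I would add a comment above the check, for example `/* Entry did not fit: seek back to prev_dirpos and return STATUS_MORE_ENTRIES; callers must test for this status. */`, and mirror it at the declaration. The call in smbd_smb2_find_send() no longer has a flag to consult, so its status handling, which is outside the visible hunks, presumably needs to test for this code explicitly rather than treating every non-OK status alike. The function body starts and ends outside this hunk.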
@@ -2339,6 +2336,8 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
        const bool do_pad = true;
        NTSTATUS status;
 
+       *out_of_space = false;
+
        if (info_level >= 1 && info_level <= 3) {
                /* No alignment on earlier info levels. */
                align = 1;
@@ -2350,8 +2349,11 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
                                         align, do_pad,
                                         ppdata, base_data, end_data,
                                         space_remaining,
-                                        out_of_space, got_exact_match,
+                                        got_exact_match,
                                         last_entry_off, name_list);
+       if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+               *out_of_space = true;
+       }
        return NT_STATUS_IS_OK(status);
 }
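Review bot: `return NT_STATUS_IS_OK(status);` still folds every failure status other than STATUS_MORE_ENTRIES into the same `false`, so a caller of get_lanman2_dir_entry() can recognise a full buffer through `*out_of_space` but cannot tell a per-entry error from whatever else `false` means to it. Since the referenced bug concerns filenames the server cannot process, it seems worth returning the NTSTATUS from this wrapper, or at least logging the dropped status before the return, e.g. `DEBUG(5, ("get_lanman2_dir_entry: %s\n", nt_errstr(status)));`. The start of the function and its callers are outside the hunk, so how `false` is interpreted upstream is inferred rather than visible.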