s3:libsmb: use clistr_pull_talloc() in cli_qfilename()

author Stefan Metzmacher <metze@samba.org>

Wed, 6 Jul 2011 12:35:13 +0000 (14:35 +0200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 6 Jul 2011 15:18:14 +0000 (17:18 +0200)
author Stefan Metzmacher <metze@samba.org>
Wed, 6 Jul 2011 12:35:13 +0000 (14:35 +0200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 6 Jul 2011 15:18:14 +0000 (17:18 +0200)
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c

index 731ddfb8c1bcca4a2e600807de1e050405556728..96003c164089d09980be052f61164a8e24500d05 100644 (file)
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -1064,23 +1064,44 @@ static bool parse_streams_blob(TALLOC_CTX *mem_ctx, const uint8_t *rdata,
   Send a qfileinfo QUERY_FILE_NAME_INFO call.
  ****************************************************************************/
  
-NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum, char *name,
-                      size_t namelen)
+NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum,
+                      TALLOC_CTX *mem_ctx, char **_name)
  {
+       uint16_t recv_flags2;
         uint8_t *rdata;
         uint32_t num_rdata;
         NTSTATUS status;
+       char *name = NULL;
+       uint32_t namelen;
  
         status = cli_qfileinfo(talloc_tos(), cli, fnum,
                                SMB_QUERY_FILE_NAME_INFO,
-                              4, cli->max_xmit, NULL,
+                              4, cli->max_xmit, &recv_flags2,
                                &rdata, &num_rdata);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
  
-       clistr_pull((const char *)rdata, name, rdata+4, namelen, IVAL(rdata, 0),
-                   STR_UNICODE);
+       namelen = IVAL(rdata, 0);
+       if (namelen > (num_rdata - 4)) {
+               TALLOC_FREE(rdata);
+               return NT_STATUS_INVALID_NETWORK_RESPONSE;
+       }
+
+       clistr_pull_talloc(mem_ctx,
+                          (const char *)rdata,
+                          recv_flags2,
+                          &name,
+                          rdata + 4,
+                          namelen,
+                          STR_UNICODE);
+       if (name == NULL) {
+               status = map_nt_error_from_unix(errno);
+               TALLOC_FREE(rdata);
+               return status;
+       }
+
+       *_name = name;
         TALLOC_FREE(rdata);
         return NT_STATUS_OK;
  }
diff --git a/source3/libsmb/clirap.h b/source3/libsmb/clirap.h

index 1716e17eec228f70e5fe2a15b58b57c84c4adfa5..de770dba7e2ffada9900518e95df8b12bd1fab10 100644 (file)
--- a/source3/libsmb/clirap.h
+++ b/source3/libsmb/clirap.h
@@ -94,8 +94,8 @@ NTSTATUS cli_qpathinfo_streams(struct cli_state *cli, const char *fname,
                                TALLOC_CTX *mem_ctx,
                                unsigned int *pnum_streams,
                                struct stream_struct **pstreams);
-NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum, char *name,
-                      size_t namelen);
+NTSTATUS cli_qfilename(struct cli_state *cli, uint16_t fnum,
+                      TALLOC_CTX *mem_ctx, char **name);
  NTSTATUS cli_qfileinfo_basic(struct cli_state *cli, uint16_t fnum,
                              uint16 *mode, SMB_OFF_T *size,
                              struct timespec *create_time,
diff --git a/source3/torture/torture.c b/source3/torture/torture.c

index 4c9ef97dfa126515e66366303d0293bd9879d23b..7e2a5e7beb0c82b840c9bd09dc97f77472399fc8 100644 (file)
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -3096,7 +3096,7 @@ static bool run_trans2test(int dummy)
         const char *fname = "\\trans2.tst";
         const char *dname = "\\trans2";
         const char *fname2 = "\\trans2\\trans2.tst";
-       char pname[1024];
+       char *pname;
         bool correct = True;
         NTSTATUS status;
         uint32_t fs_attr;
@@ -3123,7 +3123,7 @@ static bool run_trans2test(int dummy)
                 correct = False;
         }
  
-       status = cli_qfilename(cli, fnum, pname, sizeof(pname));
+       status = cli_qfilename(cli, fnum, talloc_tos(), &pname);
         if (!NT_STATUS_IS_OK(status)) {
                 printf("ERROR: qfilename failed (%s)\n", nt_errstr(status));
                 correct = False;
author	Stefan Metzmacher <metze@samba.org>
	Wed, 6 Jul 2011 12:35:13 +0000 (14:35 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 6 Jul 2011 15:18:14 +0000 (17:18 +0200)
source3/libsmb/clirap.c		patch \| blob \| history
source3/libsmb/clirap.h		patch \| blob \| history
source3/torture/torture.c		patch \| blob \| history