Check the fragment size the server has sent us
authorVolker Lendecke <vl@samba.org>
Wed, 14 Jan 2009 11:58:13 +0000 (12:58 +0100)
committerVolker Lendecke <vl@samba.org>
Wed, 14 Jan 2009 16:08:39 +0000 (17:08 +0100)
source3/rpc_client/cli_pipe.c

index bc0d163aa091f9db8165c1d6a344c7418f01b58b..0a208bae36c96872503d1f92ef8b5f6f0ee3ac90 100644 (file)
@@ -343,6 +343,13 @@ static NTSTATUS cli_pipe_get_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *p
                return NT_STATUS_BUFFER_TOO_SMALL;
        }
 
+       if (prhdr->frag_len > cli->max_recv_frag) {
+               DEBUG(0, ("cli_pipe_get_current_pdu: Server sent fraglen %d,"
+                         " we only allow %d\n", (int)prhdr->frag_len,
+                         (int)cli->max_recv_frag));
+               return NT_STATUS_BUFFER_TOO_SMALL;
+       }
+
        /* Ensure we have frag_len bytes of data. */
        if (current_pdu_len < prhdr->frag_len) {
                if (!rpc_grow_buffer(current_pdu, prhdr->frag_len)) {
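Review bot: The new oversize check returns NT_STATUS_BUFFER_TOO_SMALL, the same status as the branch just above it, so a caller or log reader cannot tell a server that announced too large a fragment from a locally short buffer. A distinct status such as `return NT_STATUS_INVALID_NETWORK_RESPONSE;` would surface the protocol violation. The check is also only as strong as `cli->max_recv_frag`: if that field is ever overwritten from a server-supplied value (not visible in this diff), the server would be choosing its own bound, so it should be clamped to RPC_MAX_PDU_FRAG_LEN wherever it is set. A comment such as `/* frag_len is server-controlled; bound it before growing current_pdu */` would record why the test must stay ahead of the rpc_grow_buffer() call. cli_pipe_get_current_pdu starts and ends outside the hunk.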
@@ -2938,6 +2945,9 @@ static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
        result->srv_name_slash = talloc_asprintf_strupper_m(
                result, "\\\\%s", result->desthost);
 
+       result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+       result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
+
        if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
                TALLOC_FREE(result);
                return NT_STATUS_NO_MEMORY;
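Review bot: The two assignments set the fragment limits only in rpc_pipe_open_np, so any other code that allocates a struct rpc_pipe_client (none is visible in this diff) must set max_recv_frag as well. Otherwise the new check in cli_pipe_get_current_pdu would compare against an unset, possibly zero, field and reject every fragment on that pipe. The assignments also sit between the talloc_asprintf_strupper_m() call and the NULL test of its result; moving them below the `if ((result->desthost == NULL) || ...)` block would keep the allocation and its check adjacent. A short comment such as `/* default fragment limits; cli_pipe_get_current_pdu enforces max_recv_frag */` would tie the initialisation to the check that depends on it. rpc_pipe_open_np continues outside the hunk.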