HACK: SMB2-CONNECT SMB 2.002 buffer overflow...
authorStefan Metzmacher <metze@samba.org>
Mon, 6 Jul 2009 10:02:22 +0000 (12:02 +0200)
committerStefan Metzmacher <metze@samba.org>
Wed, 8 Jul 2009 10:39:33 +0000 (12:39 +0200)
metze

source4/torture/smb2/connect.c

index fd32b52111b3f6c44f3343989a55fa4225a78cbd..464ef7f484ea45d1590c527a5d176e738644914a 100644 (file)
@@ -92,7 +92,7 @@ static NTSTATUS torture_smb2_write(struct torture_context *tctx, struct smb2_tre
        status = smb2_write(tree, &w);
        if (!NT_STATUS_IS_OK(status)) {
                printf("write failed - %s\n", nt_errstr(status));
-               return status;
+               //return status;
        }
 
        torture_smb2_all_info(tree, handle);
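Review bot: With `return status;` commented out here and at the second write in the next hunk, a failed smb2_write is only printed, and `status` is then overwritten by the following call, so torture_smb2_write can finish without reporting the failure. If carrying on after the error is intended for this reproduction, replace the dead line with a comment that says so, for example `/* HACK: keep going after a failed write so the later requests are still sent */`. Ideally the first failing status would also be remembered and returned at the end of the function. The same pattern is applied to the read check in the third hunk. The function body starts and ends outside this hunk.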
@@ -100,7 +100,7 @@ static NTSTATUS torture_smb2_write(struct torture_context *tctx, struct smb2_tre
        status = smb2_write(tree, &w);
        if (!NT_STATUS_IS_OK(status)) {
                printf("write failed - %s\n", nt_errstr(status));
-               return status;
+               //return status;
        }
 
        torture_smb2_all_info(tree, handle);
@@ -116,17 +116,17 @@ static NTSTATUS torture_smb2_write(struct torture_context *tctx, struct smb2_tre
 
        ZERO_STRUCT(r);
        r.in.file.handle = handle;
-       r.in.length      = data.length;
+       r.in.length      = data.length-1;
        r.in.offset      = 0;
 
        status = smb2_read(tree, tree, &r);
        if (!NT_STATUS_IS_OK(status)) {
                printf("read failed - %s\n", nt_errstr(status));
-               return status;
+               //return status;
        }
 
-       if (data.length != r.out.data.length ||
-           memcmp(data.data, r.out.data.data, data.length) != 0) {
+       if (r.in.length != r.out.data.length ||
+           memcmp(data.data, r.out.data.data, r.out.data.length) != 0) {
                printf("read data mismatch\n");
                return NT_STATUS_NET_WRITE_FAULT;
        }
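Review bot: Because the read failure no longer returns, a failed smb2_read falls through to the comparison with `r.out` presumably still zeroed from `ZERO_STRUCT(r)`, so the caller sees "read data mismatch" and NT_STATUS_NET_WRITE_FAULT rather than the real error; keeping `return status;` here would preserve the diagnosis. `r.in.length = data.length-1;` also has no guard for an empty blob, and if `data.length` is unsigned (not visible in this hunk) it would wrap to a very large read length. A check such as `if (data.length == 0) return NT_STATUS_INVALID_PARAMETER;` before the assignment avoids that. The comparison now covers only the first `data.length-1` bytes, so the last byte written is never verified, which deserves a comment stating it is deliberate. The function continues outside this hunk.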