uint8_t *outhdr;
DATA_BLOB outbody;
DATA_BLOB outdyn;
- size_t expected_body_size = 0x19;
- size_t body_size;
uint64_t in_session_id;
uint8_t in_security_mode;
uint16_t in_security_offset;
DATA_BLOB out_security_buffer;
NTSTATUS status;
- inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
-
- if (smb2req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
- return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
+ status = smbd_smb2_request_verify_sizes(smb2req, 0x19);
+ if (!NT_STATUS_IS_OK(status)) {
+ return smbd_smb2_request_error(smb2req, status);
}
-
+ inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
inbody = (const uint8_t *)smb2req->in.vector[i+1].iov_base;
- body_size = SVAL(inbody, 0x00);
- if (body_size != expected_body_size) {
- return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
- }
-
in_security_offset = SVAL(inbody, 0x0C);
in_security_length = SVAL(inbody, 0x0E);
- if (in_security_offset != (SMB2_HDR_BODY + (body_size & 0xFFFFFFFE))) {
+ if (in_security_offset != (SMB2_HDR_BODY + smb2req->in.vector[i+1].iov_len)) {
return smbd_smb2_request_error(smb2req, NT_STATUS_INVALID_PARAMETER);
}
NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
{
- const uint8_t *inbody;
- int i = req->current_idx;
+ NTSTATUS status;
DATA_BLOB outbody;
- size_t expected_body_size = 0x04;
- size_t body_size;
- if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
- return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
- }
-
- inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
-
- body_size = SVAL(inbody, 0x00);
- if (body_size != expected_body_size) {
- return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+ status = smbd_smb2_request_verify_sizes(req, 0x04);
+ if (!NT_STATUS_IS_OK(status)) {
+ return smbd_smb2_request_error(req, status);
}
/*