uint32_t i;
uint32_t total_len = 0;
+ /*
+ * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request
+ * Send and invalid parameter response if:
+ * - The ChunkCount value is greater than
+ * ServerSideCopyMaxNumberofChunks
+ */
if (cc_copy->chunk_count > COPYCHUNK_MAX_CHUNKS) {
return NT_STATUS_INVALID_PARAMETER;
}
for (i = 0; i < cc_copy->chunk_count; i++) {
- if (cc_copy->chunks[i].length > COPYCHUNK_MAX_CHUNK_LEN) {
+ /*
+ * - The Length value in a single chunk is greater than
+ * ServerSideCopyMaxChunkSize or equal to zero.
+ */
+ if ((cc_copy->chunks[i].length == 0)
+ || (cc_copy->chunks[i].length > COPYCHUNK_MAX_CHUNK_LEN)) {
return NT_STATUS_INVALID_PARAMETER;
}
total_len += cc_copy->chunks[i].length;
}
+ /*
+ * - Sum of Lengths in all chunks is greater than
+ * ServerSideCopyMaxDataSize
+ */
if (total_len > COPYCHUNK_MAX_TOTAL_LEN) {
return NT_STATUS_INVALID_PARAMETER;
}