/* Make sure we can't write a string past the end of the buffer */
-size_t srvstr_push_fn(const char *base_ptr, uint16 smb_flags2, void *dest,
- const char *src, int dest_len, int flags)
+NTSTATUS srvstr_push_fn(const char *base_ptr, uint16 smb_flags2, void *dest,
+ const char *src, int dest_len, int flags, size_t *ret_len)
{
+ size_t len;
+ int saved_errno;
+ NTSTATUS status;
+
if (dest_len < 0) {
- return 0;
+ return NT_STATUS_INVALID_PARAMETER;
}
+ saved_errno = errno;
+ errno = 0;
+
/* 'normal' push into size-specified buffer */
- return push_string_base(base_ptr, smb_flags2, dest, src,
+ len = push_string_base(base_ptr, smb_flags2, dest, src,
dest_len, flags);
+
+ if (errno != 0) {
+ /*
+ * Special case E2BIG, EILSEQ, EINVAL
+ * as they mean conversion errors here,
+ * but we don't generically map them as
+ * they can mean different things in
+ * generic filesystem calls (such as
+ * read xattrs).
+ */
+ if (errno == E2BIG || errno == EILSEQ || errno == EINVAL) {
+ status = NT_STATUS_ILLEGAL_CHARACTER;
+ } else {
+ status = map_nt_error_from_unix_common(errno);
+ /*
+ * Paranoia - Filter out STATUS_MORE_ENTRIES.
+ * I don't think we can get this but it has a
+ * specific meaning to the client.
+ */
+ if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+ status = NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+ DEBUG(10,("character conversion failure "
+ "on string (%s) (%s)\n",
+ src, strerror(errno)));
+ } else {
+ /* Success - restore untouched errno. */
+ errno = saved_errno;
+ *ret_len = len;
+ status = NT_STATUS_OK;
+ }
+ return status;
}
/*******************************************************************
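Review bot: `*ret_len` is left unwritten on both failure exits of srvstr_push_fn (the `dest_len < 0` return and the `errno != 0` branch), so a caller that reads its length after a missed status check sees an indeterminate value. Two callers later in this diff initialise theirs (`size_t result = 0`, `size_t len = 0`), but the other `len` declarations are outside the visible hunks. Adding `*ret_len = 0;` ahead of the `dest_len` check would make the contract independent of the callers. Failure is also inferred purely from `errno` after `push_string_base` returns, which assumes nothing beneath it leaves `errno` set on a successful conversion. A short comment above `errno = 0;` should record that assumption, and that `saved_errno` is deliberately not restored on the failure branch.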
{
size_t buf_size = smb_len(*outbuf) + 4;
size_t grow_size;
- size_t result;
+ size_t result = 0;
uint8 *tmp;
+ NTSTATUS status;
/*
* We need to over-allocate, now knowing what srvstr_push will
return -1;
}
- result = srvstr_push((char *)tmp, SVAL(tmp, smb_flg2),
- tmp + buf_size, str, grow_size, flags);
+ status = srvstr_push((char *)tmp, SVAL(tmp, smb_flg2),
+ tmp + buf_size, str, grow_size, flags, &result);
- if (result == 0) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("srvstr_push failed\n"));
return -1;
}
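Review bot: The level-0 message on the failure path drops the reason now that one is available. `DEBUG(0, ("srvstr_push failed: %s\n", nt_errstr(status)));` would let an operator tell a character-conversion failure from the other mapped statuses. The old test also treated a zero-length result as failure and the new one does not, so a successful push of zero bytes, if that can occur, now continues into the code after this hunk. That code is outside the view, so confirm it copes with `result == 0`.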
bool was_8_3;
int off;
int pad = 0;
+ NTSTATUS status;
*out_of_space = false;
if (flags2 & FLAGS2_UNICODE_STRINGS) {
p += ucs2_align(base_data, p, 0);
}
- len = srvstr_push(base_data, flags2, p,
+ status = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
- STR_TERMINATE);
+ STR_TERMINATE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
if (flags2 & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
SCVAL(nameptr, -1, len - 2);
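Review bot: A name that merely does not fit in `PTR_DIFF(end_data, p)` may now leave through the same `return false` as a name that cannot be converted, with `*out_of_space` still `false` from the top of the function. srvstr_push_fn folds `E2BIG` into NT_STATUS_ILLEGAL_CHARACTER, so if the conversion layer reports a full destination that way (not visible in this diff), the status that would distinguish the two cases is discarded here. Consider propagating it, for example by making smbd_marshall_dir_entry return NTSTATUS, so the caller can choose between skipping the entry and ending the response; a `bool` cannot carry that distinction. The same pattern repeats at every later srvstr_push call in smbd_marshall_dir_entry, including the two with a fixed 24-byte destination. The function starts and ends outside this hunk.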
}
p += 27;
nameptr = p - 1;
- len = srvstr_push(base_data, flags2,
+ status = srvstr_push(base_data, flags2,
p, fname, PTR_DIFF(end_data, p),
- STR_TERMINATE | STR_NOALIGN);
+ STR_TERMINATE | STR_NOALIGN, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
if (flags2 & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
len -= 2;
{
struct ea_list *file_list = NULL;
size_t ea_len = 0;
- NTSTATUS status;
DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_EA_LIST\n"));
if (!name_list) {
/* Push the ea_data followed by the name. */
p += fill_ea_buffer(ctx, p, space_remaining, conn, name_list);
nameptr = p;
- len = srvstr_push(base_data, flags2,
+ status = srvstr_push(base_data, flags2,
p + 1, fname, PTR_DIFF(end_data, p+1),
- STR_TERMINATE | STR_NOALIGN);
+ STR_TERMINATE | STR_NOALIGN, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
if (flags2 & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
len -= 2;
memset(mangled_name,'\0',12);
}
mangled_name[12] = 0;
- len = srvstr_push(base_data, flags2,
+ status = srvstr_push(base_data, flags2,
p+2, mangled_name, 24,
- STR_UPPER|STR_UNICODE);
+ STR_UPPER|STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
if (len < 24) {
memset(p + 2 + len,'\0',24 - len);
}
memset(p,'\0',26);
}
p += 2 + 24;
- len = srvstr_push(base_data, flags2, p,
+ status = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
- STR_TERMINATE_ASCII);
+ STR_TERMINATE_ASCII, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SIVAL(q,0,len);
p += len;
SOFF_T(p,0,file_size); p += 8;
SOFF_T(p,0,allocation_size); p += 8;
SIVAL(p,0,mode); p += 4;
- len = srvstr_push(base_data, flags2,
+ status = srvstr_push(base_data, flags2,
p + 4, fname, PTR_DIFF(end_data, p+4),
- STR_TERMINATE_ASCII);
+ STR_TERMINATE_ASCII, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SIVAL(p,0,len);
p += 4 + len;
SIVAL(p,0,ea_size); /* Extended attributes */
p +=4;
}
- len = srvstr_push(base_data, flags2, p,
+ status = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
- STR_TERMINATE_ASCII);
+ STR_TERMINATE_ASCII, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SIVAL(q, 0, len);
p += len;
p += 4;
/* this must *not* be null terminated or w2k gets in a loop trying to set an
acl on a dir (tridge) */
- len = srvstr_push(base_data, flags2, p,
+ status = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
- STR_TERMINATE_ASCII);
+ STR_TERMINATE_ASCII, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SIVAL(p, -4, len);
p += len;
p += 4;
SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
SBVAL(p,0,file_index); p += 8;
- len = srvstr_push(base_data, flags2, p,
+ status = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
- STR_TERMINATE_ASCII);
+ STR_TERMINATE_ASCII, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SIVAL(q, 0, len);
p += len;
memset(mangled_name,'\0',12);
}
mangled_name[12] = 0;
- len = srvstr_push(base_data, flags2,
+ status = srvstr_push(base_data, flags2,
p+2, mangled_name, 24,
- STR_UPPER|STR_UNICODE);
+ STR_UPPER|STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SSVAL(p, 0, len);
if (len < 24) {
memset(p + 2 + len,'\0',24 - len);
p += 26;
SSVAL(p,0,0); p += 2; /* Reserved ? */
SBVAL(p,0,file_index); p += 8;
- len = srvstr_push(base_data, flags2, p,
+ status = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
- STR_TERMINATE_ASCII);
+ STR_TERMINATE_ASCII, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SIVAL(q,0,len);
p += len;
DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_UNIX\n"));
p = store_file_unix_basic(conn, p,
NULL, &smb_fname->st);
- len = srvstr_push(base_data, flags2, p,
+ status = srvstr_push(base_data, flags2, p,
fname, PTR_DIFF(end_data, p),
- STR_TERMINATE);
+ STR_TERMINATE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
} else {
DEBUG(10,("smbd_marshall_dir_entry: SMB_FIND_FILE_UNIX_INFO2\n"));
p = store_file_unix_basic_info2(conn, p,
NULL, &smb_fname->st);
nameptr = p;
p += 4;
- len = srvstr_push(base_data, flags2, p, fname,
- PTR_DIFF(end_data, p), 0);
+ status = srvstr_push(base_data, flags2, p, fname,
+ PTR_DIFF(end_data, p), 0, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
SIVAL(nameptr, 0, len);
}
* this call so try fixing this by adding a terminating null to
* the pushed string. The change here was adding the STR_TERMINATE. JRA.
*/
- len = srvstr_push(
+ status = srvstr_push(
pdata, flags2,
pdata+l2_vol_szVolLabel, vname,
PTR_DIFF(end_data, pdata+l2_vol_szVolLabel),
- STR_NOALIGN|STR_TERMINATE);
+ STR_NOALIGN|STR_TERMINATE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
SCVAL(pdata,l2_vol_cch,len);
data_len = l2_vol_szVolLabel + len;
DEBUG(5,("smbd_do_qfsinfo : time = %x, namelen = %u, name = %s\n",
SIVAL(pdata,4,255); /* Max filename component length */
/* NOTE! the fstype must *not* be null terminated or win98 won't recognise it
and will think we can't do long filenames */
- len = srvstr_push(pdata, flags2, pdata+12, fstype,
+ status = srvstr_push(pdata, flags2, pdata+12, fstype,
PTR_DIFF(end_data, pdata+12),
- STR_UNICODE);
+ STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
SIVAL(pdata,8,len);
data_len = 12 + len;
if (max_data_bytes >= 16 && data_len > max_data_bytes) {
case SMB_QUERY_FS_LABEL_INFO:
case SMB_FS_LABEL_INFORMATION:
- len = srvstr_push(pdata, flags2, pdata+4, vname,
- PTR_DIFF(end_data, pdata+4), 0);
+ status = srvstr_push(pdata, flags2, pdata+4, vname,
+ PTR_DIFF(end_data, pdata+4), 0, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
data_len = 4 + len;
SIVAL(pdata,0,len);
break;
(str_checksum(get_local_machine_name())<<16));
/* Max label len is 32 characters. */
- len = srvstr_push(pdata, flags2, pdata+18, vname,
+ status = srvstr_push(pdata, flags2, pdata+18, vname,
PTR_DIFF(end_data, pdata+18),
- STR_UNICODE);
+ STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
SIVAL(pdata,12,len);
data_len = 18+len;
True,conn->params)) {
return NT_STATUS_NO_MEMORY;
}
- len = srvstr_push(dstart, flags2,
+ status = srvstr_push(dstart, flags2,
pdata+4, mangled_name,
PTR_DIFF(dend, pdata+4),
- STR_UNICODE);
+ STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
data_size = 4 + len;
SIVAL(pdata,0,len);
*fixed_portion = 8;
/*
this must be *exactly* right for ACLs on mapped drives to work
*/
- len = srvstr_push(dstart, flags2,
+ status = srvstr_push(dstart, flags2,
pdata+4, dos_fname,
PTR_DIFF(dend, pdata+4),
- STR_UNICODE);
+ STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
DEBUG(10,("smbd_do_qfilepathinfo: SMB_QUERY_FILE_NAME_INFO\n"));
data_size = 4 + len;
SIVAL(pdata,0,len);
pdata += 24;
SIVAL(pdata,0,ea_size);
pdata += 4; /* EA info */
- len = srvstr_push(dstart, flags2,
+ status = srvstr_push(dstart, flags2,
pdata+4, dos_fname,
PTR_DIFF(dend, pdata+4),
- STR_UNICODE);
+ STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
SIVAL(pdata,0,len);
pdata += 4 + len;
data_size = PTR_DIFF(pdata,(*ppdata));
pdata += 0x60;
- len = srvstr_push(dstart, flags2,
+ status = srvstr_push(dstart, flags2,
pdata+4, dos_fname,
PTR_DIFF(dend, pdata+4),
- STR_UNICODE);
+ STR_UNICODE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
SIVAL(pdata,0,len);
pdata += 4 + len;
data_size = PTR_DIFF(pdata,(*ppdata));
return map_nt_error_from_unix(errno);
}
buffer[link_len] = 0;
- len = srvstr_push(dstart, flags2,
+ status = srvstr_push(dstart, flags2,
pdata, buffer,
PTR_DIFF(dend, pdata),
- STR_TERMINATE);
+ STR_TERMINATE, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
pdata += len;
data_size = PTR_DIFF(pdata,(*ppdata));
{
char *pdata = *ppdata;
files_struct *fsp = file_fsp(req, SVAL(req->vwv+15, 0));
+ NTSTATUS status;
+ size_t len = 0;
/* check for an invalid fid before proceeding */
/* Job number */
SSVAL(pdata, 0, print_spool_rap_jobid(fsp->print_file));
- srvstr_push(pdata, req->flags2, pdata + 2,
+ status = srvstr_push(pdata, req->flags2, pdata + 2,
lp_netbios_name(), 15,
- STR_ASCII|STR_TERMINATE); /* Our NetBIOS name */
- srvstr_push(pdata, req->flags2, pdata+18,
+ STR_ASCII|STR_TERMINATE, &len); /* Our NetBIOS name */
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
+ status = srvstr_push(pdata, req->flags2, pdata+18,
lp_servicename(talloc_tos(), SNUM(conn)), 13,
- STR_ASCII|STR_TERMINATE); /* Service name */
+ STR_ASCII|STR_TERMINATE, &len); /* Service name */
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
send_trans2_replies(conn, req, NT_STATUS_OK, *pparams, 0, *ppdata, 32,
max_data_bytes);
return;
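Review bot: Both pushes here write into fixed-width fields (15 and 13 bytes), and their return values were previously ignored, so an over-long name was at worst silently truncated. With the new check, a service name that does not fit would fail the whole ioctl if the conversion layer reports the short destination as `E2BIG`, which srvstr_push_fn maps to NT_STATUS_ILLEGAL_CHARACTER; that behaviour is not visible in this diff and should be confirmed with a share name longer than 12 characters. If the failure is intended, record it next to the call, for example `/* 13-byte field: a service name that does not fit is an error, not truncated. */`. If it is not, the status needs to be tolerated at this call site. `len` is only a sink in this function and is never read after either call.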