s3:smb2_server verify creditcharge

author Christian Ambach <ambi@samba.org>

Tue, 28 Feb 2012 01:51:40 +0000 (17:51 -0800)

committer Jeremy Allison <jra@samba.org>

Sat, 10 Mar 2012 00:48:16 +0000 (16:48 -0800)
author Christian Ambach <ambi@samba.org>
Tue, 28 Feb 2012 01:51:40 +0000 (17:51 -0800)
committer Jeremy Allison <jra@samba.org>
Sat, 10 Mar 2012 00:48:16 +0000 (16:48 -0800)
diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c

index 99d3447860ad3c9af454ea6170607f5a65ecea05..9c0d18b278fa7033e6ba33cf901742f85dab729b 100644 (file)
--- a/source3/smbd/smb2_find.c
+++ b/source3/smbd/smb2_find.c
@@ -282,6 +282,14 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
                 return tevent_req_post(req, ev);
         }
  
+       status = smbd_smb2_request_verify_creditcharge(smb2req,
+                                       in_output_buffer_length);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+               return tevent_req_post(req, ev);
+       }
+
         switch (in_file_info_class) {
         case SMB2_FIND_DIRECTORY_INFO:
                 info_level = SMB_FIND_FILE_DIRECTORY_INFO;
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c

index 7d0f9468982b533526fefad59be154487b34c14a..e8d918df388a3e44ee0db3b2d87a43622cbc91c3 100644 (file)
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -97,6 +97,12 @@ NTSTATUS smbd_smb2_request_process_getinfo(struct smbd_smb2_request *req)
                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
         }
  
+       status = smbd_smb2_request_verify_creditcharge(req,
+                       MAX(in_input_buffer.length,in_output_buffer_length));
+       if (!NT_STATUS_IS_OK(status)) {
+               return smbd_smb2_request_error(req, status);
+       }
+
         if (req->compat_chain_fsp) {
                 /* skip check */
         } else if (in_file_id_persistent != in_file_id_volatile) {
diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c

index be56b18799e0674bca129467e6415967df53749e..3f5365c154b5f3aa21a3bb45e4f7fccf8e7fae0f 100644 (file)
--- a/source3/smbd/smb2_notify.c
+++ b/source3/smbd/smb2_notify.c
@@ -77,6 +77,13 @@ NTSTATUS smbd_smb2_request_process_notify(struct smbd_smb2_request *req)
                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
         }
  
+       status = smbd_smb2_request_verify_creditcharge(req,
+                                               in_output_buffer_length);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               return smbd_smb2_request_error(req, status);
+       }
+
         if (req->compat_chain_fsp) {
                 /* skip check */
         } else if (in_file_id_persistent != in_file_id_volatile) {
diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c

index 13bcbdfd19b8b03d15b6d6af09498889d1c72db6..0b6e2ee4618b8749c442b98291237c31d7c1c2c2 100644 (file)
--- a/source3/smbd/smb2_read.c
+++ b/source3/smbd/smb2_read.c
@@ -80,6 +80,11 @@ NTSTATUS smbd_smb2_request_process_read(struct smbd_smb2_request *req)
                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
         }
  
+       status = smbd_smb2_request_verify_creditcharge(req, in_length);
+       if (!NT_STATUS_IS_OK(status)) {
+               return smbd_smb2_request_error(req, status);
+       }
+
         if (req->compat_chain_fsp) {
                 /* skip check */
         } else if (in_file_id_persistent != in_file_id_volatile) {
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c

index ac6adc3d8fcc78ebf618967c461e72851ffdbc4a..be506ccecf6d560e874a0e011e8b12a0ea4c7016 100644 (file)
--- a/source3/smbd/smb2_setinfo.c
+++ b/source3/smbd/smb2_setinfo.c
@@ -85,6 +85,12 @@ NTSTATUS smbd_smb2_request_process_setinfo(struct smbd_smb2_request *req)
                 return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
         }
  
+       status = smbd_smb2_request_verify_creditcharge(req,
+                                               in_input_buffer.length);
+       if (!NT_STATUS_IS_OK(status)) {
+               return smbd_smb2_request_error(req, status);
+       }
+
         if (req->compat_chain_fsp) {
                 /* skip check */
         } else if (in_file_id_persistent != in_file_id_volatile) {
diff --git a/source3/smbd/smb2_write.c b/source3/smbd/smb2_write.c

index b0ffd44b4959f24fcc8c43059935dfb3fffa92e4..163672cdb112d17e6dd7a83742034c37347a2637 100644 (file)
--- a/source3/smbd/smb2_write.c
+++ b/source3/smbd/smb2_write.c
@@ -88,6 +88,11 @@ NTSTATUS smbd_smb2_request_process_write(struct smbd_smb2_request *req)
         in_data_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
         in_data_buffer.length = in_data_length;
  
+       status = smbd_smb2_request_verify_creditcharge(req, in_data_length);
+       if (!NT_STATUS_IS_OK(status)) {
+               return smbd_smb2_request_error(req, status);
+       }
+
         if (req->compat_chain_fsp) {
                 /* skip check */
         } else if (in_file_id_persistent != in_file_id_volatile) {
author	Christian Ambach <ambi@samba.org>
	Tue, 28 Feb 2012 01:51:40 +0000 (17:51 -0800)
committer	Jeremy Allison <jra@samba.org>
	Sat, 10 Mar 2012 00:48:16 +0000 (16:48 -0800)
source3/smbd/smb2_find.c		patch \| blob \| history
source3/smbd/smb2_getinfo.c		patch \| blob \| history
source3/smbd/smb2_notify.c		patch \| blob \| history
source3/smbd/smb2_read.c		patch \| blob \| history
source3/smbd/smb2_setinfo.c		patch \| blob \| history
source3/smbd/smb2_write.c		patch \| blob \| history