svn commit: samba r24090 - in branches/SAMBA_3_2/source/smbd: .

Tue, 31 Jul 2007 01:38:08 -0700 

Author: vlendec
Date: 2007-07-31 08:37:54 +0000 (Tue, 31 Jul 2007)
New Revision: 24090

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24090

Log:
Separate parsing in reply_ntcreate_and_X

In particular, check if we have enough parameters

Modified:
   branches/SAMBA_3_2/source/smbd/nttrans.c


Changeset:
Modified: branches/SAMBA_3_2/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/nttrans.c    2007-07-31 08:06:56 UTC (rev 
24089)
+++ branches/SAMBA_3_2/source/smbd/nttrans.c    2007-07-31 08:37:54 UTC (rev 
24090)
@@ -484,13 +484,14 @@
 {  
        int result;
        pstring fname;
-       uint32 flags = IVAL(inbuf,smb_ntcreate_Flags);
-       uint32 access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
-       uint32 file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
-       uint32 share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
-       uint32 create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
-       uint32 create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
-       uint16 root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+       uint32 flags;
+       uint32 access_mask;
+       uint32 file_attributes;
+       uint32 share_access;
+       uint32 create_disposition;
+       uint32 create_options;
+       uint16 root_dir_fid;
+       SMB_BIG_UINT allocation_size;
        /* Breakout the oplock request bits so we can set the
           reply bits separately. */
        int oplock_request = 0;
@@ -510,6 +511,25 @@
 
        START_PROFILE(SMBntcreateX);
 
+       init_smb_request(&req, (uint8 *)inbuf);
+
+       if (req.wct < 24) {
+               return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+       }
+
+       flags = IVAL(inbuf,smb_ntcreate_Flags);
+       access_mask = IVAL(inbuf,smb_ntcreate_DesiredAccess);
+       file_attributes = IVAL(inbuf,smb_ntcreate_FileAttributes);
+       share_access = IVAL(inbuf,smb_ntcreate_ShareAccess);
+       create_disposition = IVAL(inbuf,smb_ntcreate_CreateDisposition);
+       create_options = IVAL(inbuf,smb_ntcreate_CreateOptions);
+       root_dir_fid = (uint16)IVAL(inbuf,smb_ntcreate_RootDirectoryFid);
+
+       allocation_size = (SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize);
+#ifdef LARGE_SMB_OFF_T
+       allocation_size |= 
(((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) << 32);
+#endif
+
        DEBUG(10,("reply_ntcreate_and_X: flags = 0x%x, access_mask = 0x%x "
                  "file_attributes = 0x%x, share_access = 0x%x, "
                  "create_disposition = 0x%x create_options = 0x%x "
@@ -522,8 +542,6 @@
                        (unsigned int)create_options,
                        (unsigned int)root_dir_fid ));
 
-       init_smb_request(&req, (uint8 *)inbuf);
-
        /*
         * If it's an IPC, use the pipe handler.
         */
@@ -562,7 +580,7 @@
 
                if(!dir_fsp->is_directory) {
 
-                       srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname,
+                       srvstr_get_path(inbuf, req.flags2, fname,
                                        smb_buf(inbuf), sizeof(fname), 0,
                                        STR_TERMINATE, &status);
                        if (!NT_STATUS_IS_OK(status)) {
@@ -606,7 +624,7 @@
                        dir_name_len++;
                }
 
-               srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), rel_fname,
+               srvstr_get_path(inbuf, req.flags2, rel_fname,
                                smb_buf(inbuf), sizeof(rel_fname), 0,
                                STR_TERMINATE, &status);
                if (!NT_STATUS_IS_OK(status)) {
@@ -615,7 +633,7 @@
                }
                pstrcat(fname, rel_fname);
        } else {
-               srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname,
+               srvstr_get_path(inbuf, req.flags2, fname,
                                smb_buf(inbuf), sizeof(fname), 0,
                                STR_TERMINATE, &status);
                if (!NT_STATUS_IS_OK(status)) {
@@ -654,7 +672,7 @@
         * Now contruct the smb_open_mode value from the filename, 
         * desired access and the share access.
         */
-       status = resolve_dfspath(conn, SVAL(inbuf,smb_flg2) & 
FLAGS2_DFS_PATHNAMES, fname);
+       status = resolve_dfspath(conn, req.flags2 & FLAGS2_DFS_PATHNAMES, 
fname);
        if (!NT_STATUS_IS_OK(status)) {
                END_PROFILE(SMBntcreateX);
                if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
@@ -842,7 +860,7 @@
                        } else {
                                TALLOC_FREE(case_state);
                                END_PROFILE(SMBntcreateX);
-                               if (open_was_deferred(SVAL(inbuf,smb_mid))) {
+                               if (open_was_deferred(req.mid)) {
                                        /* We have re-scheduled this call. */
                                        return -1;
                                }
@@ -866,10 +884,6 @@
        
        /* Save the requested allocation size. */
        if ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN)) {
-               SMB_BIG_UINT allocation_size = 
(SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize);
-#ifdef LARGE_SMB_OFF_T
-               allocation_size |= 
(((SMB_BIG_UINT)IVAL(inbuf,smb_ntcreate_AllocationSize + 4)) << 32);
-#endif
                if (allocation_size && (allocation_size > 
(SMB_BIG_UINT)file_len)) {
                        fsp->initial_allocation_size = smb_roundup(fsp->conn, 
allocation_size);
                        if (fsp->is_directory) {

Reply via email to