svn commit: samba r24409 - in branches/SAMBA_3_2/source/smbd: .

Tue, 14 Aug 2007 06:58:08 -0700 

Author: vlendec
Date: 2007-08-14 13:57:36 +0000 (Tue, 14 Aug 2007)
New Revision: 24409

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24409

Log:
Check wct in reply_open
Modified:
   branches/SAMBA_3_2/source/smbd/reply.c


Changeset:
Modified: branches/SAMBA_3_2/source/smbd/reply.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/reply.c      2007-08-14 13:38:14 UTC (rev 
24408)
+++ branches/SAMBA_3_2/source/smbd/reply.c      2007-08-14 13:57:36 UTC (rev 
24409)
@@ -1402,9 +1402,9 @@
        int info;
        SMB_STRUCT_STAT sbuf;
        files_struct *fsp;
-       int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
+       int oplock_request;
        int deny_mode;
-       uint32 dos_attr = SVAL(inbuf,smb_vwv1);
+       uint32 dos_attr;
        uint32 access_mask;
        uint32 share_mode;
        uint32 create_disposition;
@@ -1415,8 +1415,14 @@
        START_PROFILE(SMBopen);
 
        init_smb_request(&req, (uint8 *)inbuf);
+
+       if (req.wct < 2) {
+               return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+       }
  
+       oplock_request = CORE_OPLOCK_REQUEST(inbuf);
        deny_mode = SVAL(inbuf,smb_vwv0);
+       dos_attr = SVAL(inbuf,smb_vwv1);
 
        srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, smb_buf(inbuf)+1,
                        sizeof(fname), 0, STR_TERMINATE, &status);

Reply via email to