The branch, master has been updated
via 5e04231 s3:smb2_server: get/set info are limited by max_trans size
(bug #8473)
via 6981f11 s3:smb2_server: reject writes larger then the negotiated
max_write size (bug #8473)
via 40ea66c s3:smb2_server: remember the max_{trans,read,write} sizes
we negotiated (bug #8473)
via 77f739f s4:torture/smb2: we only support 64KB reads/writes for now
from de9b3b6 samba-tools/testparm: Add really basic unit test,
demonstrating how to write unit tests for samba-tool in Python.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5e04231e961f10656384a6f16104d0d55b6f3e0e
Author: Stefan Metzmacher <[email protected]>
Date: Wed Oct 12 17:46:50 2011 +0200
s3:smb2_server: get/set info are limited by max_trans size (bug #8473)
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Thu Oct 13 03:32:02 CEST 2011 on sn-devel-104
commit 6981f1114792cc251bf1e05183dd88f5d351ab09
Author: Stefan Metzmacher <[email protected]>
Date: Wed Oct 12 16:58:46 2011 +0200
s3:smb2_server: reject writes larger then the negotiated max_write size
(bug #8473)
metze
commit 40ea66c5dda91ba3f74bed7db1ce02f6c8b4ffeb
Author: Stefan Metzmacher <[email protected]>
Date: Fri Sep 23 17:18:14 2011 +0200
s3:smb2_server: remember the max_{trans,read,write} sizes we negotiated
(bug #8473)
We should enforce the negotiated max sizes instead of the
lp_smb2_max_*() sizes.
metze
commit 77f739f03a32965b676d97a6f082bb3e023014ef
Author: Stefan Metzmacher <[email protected]>
Date: Wed Oct 12 18:34:26 2011 +0200
s4:torture/smb2: we only support 64KB reads/writes for now
We don't have multi-credit support yet.
metze
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/globals.h | 3 +++
source3/smbd/smb2_find.c | 2 +-
source3/smbd/smb2_getinfo.c | 7 +++++++
source3/smbd/smb2_negprot.c | 4 +++-
source3/smbd/smb2_notify.c | 2 +-
source3/smbd/smb2_read.c | 4 ++--
source3/smbd/smb2_setinfo.c | 4 ++++
source3/smbd/smb2_write.c | 7 ++-----
source4/torture/smb2/connect.c | 12 ++++++------
source4/torture/smb2/read.c | 4 ++--
10 files changed, 31 insertions(+), 18 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 4d95453..7095790 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -610,6 +610,9 @@ struct smbd_server_connection {
uint64_t seqnum_low;
uint32_t credits_granted;
uint32_t max_credits;
+ uint32_t max_trans;
+ uint32_t max_read;
+ uint32_t max_write;
struct bitmap *credits_bitmap;
bool compound_related_in_progress;
} smb2;
diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
index 509b9d6..e64db24 100644
--- a/source3/smbd/smb2_find.c
+++ b/source3/smbd/smb2_find.c
@@ -281,7 +281,7 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX
*mem_ctx,
return tevent_req_post(req, ev);
}
- if (in_output_buffer_length > lp_smb2_max_trans()) {
+ if (in_output_buffer_length > smb2req->sconn->smb2.max_trans) {
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
return tevent_req_post(req, ev);
}
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 61e0cfa..c5d2d62 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -90,6 +90,13 @@ NTSTATUS smbd_smb2_request_process_getinfo(struct
smbd_smb2_request *req)
in_input_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
in_input_buffer.length = in_input_buffer_length;
+ if (in_input_buffer.length > req->sconn->smb2.max_trans) {
+ return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
+ }
+ if (in_output_buffer_length > req->sconn->smb2.max_trans) {
+ return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
+ }
+
if (req->compat_chain_fsp) {
/* skip check */
} else if (in_file_id_persistent != in_file_id_volatile) {
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index c5ac2d5..1733728 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -101,7 +101,6 @@ NTSTATUS smbd_smb2_request_process_negprot(struct
smbd_smb2_request *req)
uint32_t max_read = lp_smb2_max_read();
uint32_t max_write = lp_smb2_max_write();
-
status = smbd_smb2_request_verify_sizes(req, 0x24);
if (!NT_STATUS_IS_OK(status)) {
return smbd_smb2_request_error(req, status);
@@ -245,6 +244,9 @@ NTSTATUS smbd_smb2_request_process_negprot(struct
smbd_smb2_request *req)
outdyn = security_buffer;
req->sconn->using_smb2 = true;
+ req->sconn->smb2.max_trans = max_trans;
+ req->sconn->smb2.max_read = max_read;
+ req->sconn->smb2.max_write = max_write;
return smbd_smb2_request_done(req, outbody, &outdyn);
}
diff --git a/source3/smbd/smb2_notify.c b/source3/smbd/smb2_notify.c
index a8b1eb4..49c6a54 100644
--- a/source3/smbd/smb2_notify.c
+++ b/source3/smbd/smb2_notify.c
@@ -73,7 +73,7 @@ NTSTATUS smbd_smb2_request_process_notify(struct
smbd_smb2_request *req)
* 0x00010000 is what Windows 7 uses,
* Windows 2008 uses 0x00080000
*/
- if (in_output_buffer_length > lp_smb2_max_trans()) {
+ if (in_output_buffer_length > req->sconn->smb2.max_trans) {
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c
index 99f6e7a..405e82d 100644
--- a/source3/smbd/smb2_read.c
+++ b/source3/smbd/smb2_read.c
@@ -74,9 +74,9 @@ NTSTATUS smbd_smb2_request_process_read(struct
smbd_smb2_request *req)
in_remaining_bytes = IVAL(inbody, 0x28);
/* check the max read size */
- if (in_length > lp_smb2_max_read()) {
+ if (in_length > req->sconn->smb2.max_read) {
DEBUG(0,("here:%s: 0x%08X: 0x%08X\n",
- __location__, in_length, lp_smb2_max_read()));
+ __location__, in_length, req->sconn->smb2.max_read));
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
}
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c
index 2d39f11..751190a 100644
--- a/source3/smbd/smb2_setinfo.c
+++ b/source3/smbd/smb2_setinfo.c
@@ -81,6 +81,10 @@ NTSTATUS smbd_smb2_request_process_setinfo(struct
smbd_smb2_request *req)
in_input_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
in_input_buffer.length = in_input_buffer_length;
+ if (in_input_buffer.length > req->sconn->smb2.max_trans) {
+ return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
+ }
+
if (req->compat_chain_fsp) {
/* skip check */
} else if (in_file_id_persistent != in_file_id_volatile) {
diff --git a/source3/smbd/smb2_write.c b/source3/smbd/smb2_write.c
index b47f8a0..edf6176 100644
--- a/source3/smbd/smb2_write.c
+++ b/source3/smbd/smb2_write.c
@@ -78,14 +78,11 @@ NTSTATUS smbd_smb2_request_process_write(struct
smbd_smb2_request *req)
}
/* check the max write size */
- if (in_data_length > lp_smb2_max_write()) {
- /* This is a warning. */
+ if (in_data_length > req->sconn->smb2.max_write) {
DEBUG(2,("smbd_smb2_request_process_write : "
"client ignored max write :%s: 0x%08X: 0x%08X\n",
- __location__, in_data_length, lp_smb2_max_write()));
-#if 0
+ __location__, in_data_length,
req->sconn->smb2.max_write));
return smbd_smb2_request_error(req,
NT_STATUS_INVALID_PARAMETER);
-#endif
}
in_data_buffer.data = (uint8_t *)req->in.vector[i+2].iov_base;
diff --git a/source4/torture/smb2/connect.c b/source4/torture/smb2/connect.c
index 1b69c18..b383a67 100644
--- a/source4/torture/smb2/connect.c
+++ b/source4/torture/smb2/connect.c
@@ -71,14 +71,14 @@ static NTSTATUS torture_smb2_write(struct torture_context
*tctx, struct smb2_tre
NTSTATUS status;
DATA_BLOB data;
int i;
+ uint32_t size = torture_setting_int(tctx, "smb2maxwrite", 64*1024);
- if (torture_setting_bool(tctx, "dangerous", false)) {
- data = data_blob_talloc(tree, NULL, 160000);
- } else if (torture_setting_bool(tctx, "samba4", false)) {
- data = data_blob_talloc(tree, NULL, UINT16_MAX);
- } else {
- data = data_blob_talloc(tree, NULL, torture_setting_int(tctx,
"smb2maxwrite", 120000));
+ data = data_blob_talloc(tree, NULL, size);
+ if (size != data.length) {
+ printf("data_blob_talloc(%s) failed\n", size);
+ return NT_STATUS_NO_MEMORY;
}
+
for (i=0;i<data.length;i++) {
data.data[i] = i;
}
diff --git a/source4/torture/smb2/read.c b/source4/torture/smb2/read.c
index 92b3ce0..3600765 100644
--- a/source4/torture/smb2/read.c
+++ b/source4/torture/smb2/read.c
@@ -51,7 +51,7 @@ static bool test_read_eof(struct torture_context *torture,
struct smb2_tree *tre
bool ret = true;
NTSTATUS status;
struct smb2_handle h;
- uint8_t buf[70000];
+ uint8_t buf[64*1024];
struct smb2_read rd;
TALLOC_CTX *tmp_ctx = talloc_new(tree);
@@ -143,7 +143,7 @@ static bool test_read_position(struct torture_context
*torture, struct smb2_tree
bool ret = true;
NTSTATUS status;
struct smb2_handle h;
- uint8_t buf[70000];
+ uint8_t buf[64*1024];
struct smb2_read rd;
TALLOC_CTX *tmp_ctx = talloc_new(tree);
union smb_fileinfo info;
--
Samba Shared Repository
