diff options
| author | Jeremy Allison <jra@samba.org> | 2014-08-26 14:54:56 -0700 |
|---|---|---|
| committer | David Disseldorp <ddiss@samba.org> | 2014-09-16 01:56:55 +0200 |
| commit | c9877eaf1b0ee83e4227483cb6891f94712bd32f (patch) | |
| tree | 94429061155d3b9c625f57a672bbe45c0bf553fb | |
| parent | 5293dd2f635f049cd0632b071307df6a6c52d9b0 (diff) | |
| download | samba-c9877eaf1b0ee83e4227483cb6891f94712bd32f.tar.gz samba-c9877eaf1b0ee83e4227483cb6891f94712bd32f.tar.xz samba-c9877eaf1b0ee83e4227483cb6891f94712bd32f.zip | |
s3: smbd: Remove unneeded 'out_of_space' parameter from smbd_dirptr_lanman2_entry().
This can now be handled by checking for the STATUS_MORE_ENTRIES error return.
Bug 10775 - smbd crashes when accessing garbage filenames
https://bugzilla.samba.org/show_bug.cgi?id=10775
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
| -rw-r--r-- | source3/smbd/globals.h | 1 | ||||
| -rw-r--r-- | source3/smbd/smb2_find.c | 2 | ||||
| -rw-r--r-- | source3/smbd/trans2.c | 10 |
3 files changed, 6 insertions, 7 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 20ab75d446..5a8e3bd746 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -201,7 +201,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, char *base_data, char *end_data, int space_remaining, - bool *out_of_space, bool *got_exact_match, int *_last_entry_off, struct ea_list *name_list); diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c index af9995e423..2dab86b567 100644 --- a/source3/smbd/smb2_find.c +++ b/source3/smbd/smb2_find.c @@ -433,7 +433,6 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, while (true) { bool got_exact_match = false; - bool out_of_space = false; int space_remaining = in_output_buffer_length - off; SMB_ASSERT(space_remaining >= 0); @@ -454,7 +453,6 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, base_data, end_data, space_remaining, - &out_of_space, &got_exact_match, &last_entry_off, NULL); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 2d6c261f18..e4d64e80f4 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2228,7 +2228,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, char *base_data, char *end_data, int space_remaining, - bool *out_of_space, bool *got_exact_match, int *_last_entry_off, struct ea_list *name_list) @@ -2251,7 +2250,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, state.has_wild = dptr_has_wild(dirptr); state.got_exact_match = false; - *out_of_space = false; *got_exact_match = false; p = strrchr_m(path_mask,'/'); @@ -2304,7 +2302,6 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, TALLOC_FREE(fname); TALLOC_FREE(smb_fname); if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { - *out_of_space = true; dptr_SeekDir(dirptr, prev_dirpos); return status; } @@ -2339,6 +2336,8 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, const bool do_pad = true; NTSTATUS status; + *out_of_space = false; + if (info_level >= 1 && info_level <= 3) { /* No alignment on earlier info levels. */ align = 1; @@ -2350,8 +2349,11 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, align, do_pad, ppdata, base_data, end_data, space_remaining, - out_of_space, got_exact_match, + got_exact_match, last_entry_off, name_list); + if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { + *out_of_space = true; + } return NT_STATUS_IS_OK(status); } |