Fix bug 7399 - SMB2: QUERY_DIRECTORY is returning invalid values.

The end_data argument to smbd_dirptr_lanman2_entry() must include the safety margin, as internally it's actually used to allow detection of string name pushes that were truncated. Ensure space_remaining can never go negative due to padding. Jeremy.
author: Jeremy Allison <jra@samba.org> 2010-05-13 15:59:09 -0700
committer: Jeremy Allison <jra@samba.org> 2010-05-13 15:59:09 -0700
commit: 056f24ce24ab395cb6fff15cb068c8d8b1affef9 (patch)
tree: 3020747e6654c811bf69de63f2add4d9e7caa705 /source3/smbd/smb2_find.c
parent: 49c8c130a0d08be7c869b9a63b5a37488003eac2 (diff)
download: samba-056f24ce24ab395cb6fff15cb068c8d8b1affef9.tar.gz
samba-056f24ce24ab395cb6fff15cb068c8d8b1affef9.tar.xz
samba-056f24ce24ab395cb6fff15cb068c8d8b1affef9.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
index 66be7562e87..6690adcb93e 100644
--- a/source3/smbd/smb2_find.c
+++ b/source3/smbd/smb2_find.c
@@ -373,7 +373,11 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx,
 	state->out_output_buffer.length = 0;
 	pdata = (char *)state->out_output_buffer.data;
 	base_data = pdata;
-	end_data = pdata + in_output_buffer_length;
+	/*
+	 * end_data must include the safety margin as it's what is
+	 * used to determine if pushed strings have been truncated.
+	 */
+	end_data = pdata + in_output_buffer_length + DIR_ENTRY_SAFETY_MARGIN - 1;
 	last_entry_off = 0;
 	off = 0;
 	num = 0;
author	Jeremy Allison <jra@samba.org>	2010-05-13 15:59:09 -0700
committer	Jeremy Allison <jra@samba.org>	2010-05-13 15:59:09 -0700
commit	056f24ce24ab395cb6fff15cb068c8d8b1affef9 (patch)
tree	3020747e6654c811bf69de63f2add4d9e7caa705 /source3/smbd/smb2_find.c
parent	49c8c130a0d08be7c869b9a63b5a37488003eac2 (diff)
download	samba-056f24ce24ab395cb6fff15cb068c8d8b1affef9.tar.gz samba-056f24ce24ab395cb6fff15cb068c8d8b1affef9.tar.xz samba-056f24ce24ab395cb6fff15cb068c8d8b1affef9.zip