Index: libsmb/smb_signing.c =================================================================== --- libsmb/smb_signing.c (revision 17290) +++ libsmb/smb_signing.c (working copy) @@ -23,9 +23,10 @@ /* Lookup a packet's MID (multiplex id) and figure out it's sequence number */ struct outstanding_packet_lookup { + struct outstanding_packet_lookup *prev, *next; uint16 mid; uint32 reply_seq_num; - struct outstanding_packet_lookup *prev, *next; + BOOL can_delete; /* Set to False in trans state. */ }; struct smb_basic_signing_context { @@ -51,6 +52,7 @@ t->mid = mid; t->reply_seq_num = reply_seq_num; + t->can_delete = True; /* * Add to the *start* of the list not the end of the list. @@ -77,14 +79,29 @@ *reply_seq_num = t->reply_seq_num; DEBUG(10,("get_sequence_for_reply: found seq = %u mid = %u\n", (unsigned int)t->reply_seq_num, (unsigned int)t->mid )); - DLIST_REMOVE(*list, t); - SAFE_FREE(t); + if (t->can_delete) { + DLIST_REMOVE(*list, t); + SAFE_FREE(t); + } return True; } } return False; } +static BOOL set_sequence_can_delete_flag(struct outstanding_packet_lookup **list, uint16 mid, BOOL can_delete_entry) +{ + struct outstanding_packet_lookup *t; + + for (t = *list; t; t = t->next) { + if (t->mid == mid) { + t->can_delete = can_delete_entry; + return True; + } + } + return False; +} + /*********************************************************** SMB signing - Common code before we set a new signing implementation ************************************************************/ @@ -580,6 +597,52 @@ } /*********************************************************** + Enter trans/trans2/nttrans state. +************************************************************/ + +BOOL client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid) +{ + struct smb_sign_info *si = &cli->sign_info; + struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context; + + if (!si->doing_signing) { + return True; + } + + if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, False)) { + return False; + } + + return True; +} + +/*********************************************************** + Leave trans/trans2/nttrans state. +************************************************************/ + +BOOL client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid) +{ + uint32 reply_seq_num; + struct smb_sign_info *si = &cli->sign_info; + struct smb_basic_signing_context *data = (struct smb_basic_signing_context *)si->signing_context; + + if (!si->doing_signing) { + return True; + } + + if (!set_sequence_can_delete_flag(&data->outstanding_packet_list, mid, True)) { + return False; + } + + /* Now delete the stored mid entry. */ + if (!get_sequence_for_reply(&data->outstanding_packet_list, mid, &reply_seq_num)) { + return False; + } + + return True; +} + +/*********************************************************** SMB signing - Server implementation - send the MAC. ************************************************************/ Index: libsmb/clitrans.c =================================================================== --- libsmb/clitrans.c (revision 17290) +++ libsmb/clitrans.c (working copy) @@ -95,9 +95,14 @@ return False; } + /* Note we're in a trans state. Save the sequence + * numbers for replies. */ + client_set_trans_sign_state_on(cli, mid); + if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { + client_set_trans_sign_state_off(cli, mid); return(False); } @@ -139,6 +144,7 @@ show_msg(cli->outbuf); if (!cli_send_smb(cli)) { + client_set_trans_sign_state_off(cli, mid); return False; } @@ -150,9 +156,6 @@ } } - /* Note we're in a trans state. Save the sequence - * numbers for replies. */ - return(True); } @@ -168,6 +171,7 @@ unsigned int total_param=0; unsigned int this_data,this_param; NTSTATUS status; + BOOL ret = False; *data_len = *param_len = 0; @@ -182,7 +186,7 @@ DEBUG(0,("Expected %s response, got command 0x%02x\n", trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(cli->inbuf,smb_com))); - return(False); + return False; } /* @@ -194,7 +198,7 @@ status = cli_nt_error(cli); if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) { - return False; + goto out; } /* parse out the lengths */ @@ -206,7 +210,7 @@ *data = SMB_REALLOC(*data,total_data); if (!(*data)) { DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n")); - return False; + goto out; } } @@ -214,7 +218,7 @@ *param = SMB_REALLOC(*param,total_param); if (!(*param)) { DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n")); - return False; + goto out; } } @@ -225,7 +229,7 @@ if (this_data + *data_len > total_data || this_param + *param_len > total_param) { DEBUG(1,("Data overflow in cli_receive_trans\n")); - return False; + goto out; } if (this_data + *data_len < this_data || @@ -233,7 +237,7 @@ this_param + *param_len < this_param || this_param + *param_len < *param_len) { DEBUG(1,("Data overflow in cli_receive_trans\n")); - return False; + goto out; } if (this_data) { @@ -245,14 +249,14 @@ data_offset_out + this_data < data_offset_out || data_offset_out + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_trans\n")); - return False; + goto out; } if (data_offset_in > cli->bufsize || data_offset_in + this_data > cli->bufsize || data_offset_in + this_data < data_offset_in || data_offset_in + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_trans\n")); - return False; + goto out; } memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data); @@ -266,14 +270,14 @@ param_offset_out + this_param < param_offset_out || param_offset_out + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_trans\n")); - return False; + goto out; } if (param_offset_in > cli->bufsize || param_offset_in + this_param > cli->bufsize || param_offset_in + this_param < param_offset_in || param_offset_in + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_trans\n")); - return False; + goto out; } memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param); @@ -281,11 +285,13 @@ *data_len += this_data; *param_len += this_param; - if (total_data <= *data_len && total_param <= *param_len) + if (total_data <= *data_len && total_param <= *param_len) { + ret = True; break; + } if (!cli_receive_smb(cli)) { - return False; + goto out; } show_msg(cli->inbuf); @@ -295,10 +301,10 @@ DEBUG(0,("Expected %s response, got command 0x%02x\n", trans==SMBtrans?"SMBtrans":"SMBtrans2", CVAL(cli->inbuf,smb_com))); - return(False); + goto out; } if (NT_STATUS_IS_ERR(cli_nt_error(cli))) { - return(False); + goto out; } /* parse out the total lengths again - they can shrink! */ @@ -307,12 +313,16 @@ if (SVAL(cli->inbuf,smb_tprcnt) < total_param) total_param = SVAL(cli->inbuf,smb_tprcnt); - if (total_data <= *data_len && total_param <= *param_len) + if (total_data <= *data_len && total_param <= *param_len) { + ret = True; break; - + } } - return(True); + out: + + client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid)); + return ret; } /**************************************************************************** @@ -379,9 +389,14 @@ return False; } + /* Note we're in a trans state. Save the sequence + * numbers for replies. */ + client_set_trans_sign_state_on(cli, mid); + if (this_ldata < ldata || this_lparam < lparam) { /* receive interim response */ if (!cli_receive_smb(cli) || cli_is_error(cli)) { + client_set_trans_sign_state_off(cli, mid); return(False); } @@ -423,6 +438,7 @@ show_msg(cli->outbuf); if (!cli_send_smb(cli)) { + client_set_trans_sign_state_off(cli, mid); return False; } @@ -434,9 +450,6 @@ } } - /* Note we're in a trans state. Save the sequence - * numbers for replies. */ - return(True); } @@ -453,6 +466,7 @@ unsigned int this_data,this_param; uint8 eclass; uint32 ecode; + BOOL ret = False; *data_len = *param_len = 0; @@ -477,7 +491,7 @@ if (cli_is_dos_error(cli)) { cli_dos_error(cli, &eclass, &ecode); if (!(eclass == ERRDOS && ecode == ERRmoredata)) { - return(False); + goto out; } } @@ -487,7 +501,7 @@ if (cli_is_nt_error(cli)) { if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_BUFFER_TOO_SMALL)) { - return(False); + goto out; } } @@ -500,7 +514,7 @@ *data = SMB_REALLOC(*data,total_data); if (!(*data)) { DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data)); - return False; + goto out; } } @@ -508,7 +522,7 @@ *param = SMB_REALLOC(*param,total_param); if (!(*param)) { DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param)); - return False; + goto out; } } @@ -519,7 +533,7 @@ if (this_data + *data_len > total_data || this_param + *param_len > total_param) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - return False; + goto out; } if (this_data + *data_len < this_data || @@ -527,7 +541,7 @@ this_param + *param_len < this_param || this_param + *param_len < *param_len) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - return False; + goto out; } if (this_data) { @@ -539,14 +553,14 @@ data_offset_out + this_data < data_offset_out || data_offset_out + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - return False; + goto out; } if (data_offset_in > cli->bufsize || data_offset_in + this_data > cli->bufsize || data_offset_in + this_data < data_offset_in || data_offset_in + this_data < this_data) { DEBUG(1,("Data overflow in cli_receive_nt_trans\n")); - return False; + goto out; } memcpy(*data + data_offset_out, smb_base(cli->inbuf) + data_offset_in, this_data); @@ -561,14 +575,14 @@ param_offset_out + this_param < param_offset_out || param_offset_out + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_nt_trans\n")); - return False; + goto out; } if (param_offset_in > cli->bufsize || param_offset_in + this_param > cli->bufsize || param_offset_in + this_param < param_offset_in || param_offset_in + this_param < this_param) { DEBUG(1,("Param overflow in cli_receive_nt_trans\n")); - return False; + goto out; } memcpy(*param + param_offset_out, smb_base(cli->inbuf) + param_offset_in, this_param); @@ -577,11 +591,13 @@ *data_len += this_data; *param_len += this_param; - if (total_data <= *data_len && total_param <= *param_len) + if (total_data <= *data_len && total_param <= *param_len) { + ret = True; break; + } if (!cli_receive_smb(cli)) { - return False; + goto out; } show_msg(cli->inbuf); @@ -590,12 +606,12 @@ if (CVAL(cli->inbuf,smb_com) != SMBnttrans) { DEBUG(0,("Expected SMBnttrans response, got command 0x%02x\n", CVAL(cli->inbuf,smb_com))); - return(False); + goto out; } if (cli_is_dos_error(cli)) { cli_dos_error(cli, &eclass, &ecode); if(!(eclass == ERRDOS && ecode == ERRmoredata)) { - return(False); + goto out; } } /* @@ -604,7 +620,7 @@ if (cli_is_nt_error(cli)) { if (!NT_STATUS_EQUAL(cli_nt_error(cli), NT_STATUS_BUFFER_TOO_SMALL)) { - return(False); + goto out; } } @@ -614,9 +630,14 @@ if (SVAL(cli->inbuf,smb_ntr_TotalParameterCount) < total_param) total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount); - if (total_data <= *data_len && total_param <= *param_len) + if (total_data <= *data_len && total_param <= *param_len) { + ret = True; break; + } } - return(True); + out: + + client_set_trans_sign_state_off(cli, SVAL(cli->inbuf,smb_mid)); + return ret; }