The Samba-Bugzilla – Attachment 6842 Details for
Bug 8429
Compound SMB2 requests on an IPC connection can corrupt the reply stream.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.1
0001-Fix-bug-8429-Compound-SMB2-requests-on-an-IPC-connec.patch (text/plain), 2.33 KB, created by
Jeremy Allison
on 2011-08-31 00:38:49 UTC
(
hide
)
Description:
git-am fix for 3.6.1
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-08-31 00:38:49 UTC
Size:
2.33 KB
patch
obsolete
>From 31a8ef644e98b520ca9ee0b3a6c9baad95edf2af Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 30 Aug 2011 17:37:19 -0700 >Subject: [PATCH] Fix bug 8429 - Compound SMB2 requests on an IPC connection can corrupt the reply stream. > >--- > source3/smbd/smb2_server.c | 31 ++++++++++++++++++------------- > 1 files changed, 18 insertions(+), 13 deletions(-) > >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index d7a40ed..41ef607 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -901,7 +901,7 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req, > > /* Don't return an intermediate packet on a pipe read/write. */ > if (req->tcon && req->tcon->compat_conn && IS_IPC(req->tcon->compat_conn)) { >- return NT_STATUS_OK; >+ goto ipc_out; > } > > reqhdr = (uint8_t *)req->out.vector[i].iov_base; >@@ -990,6 +990,8 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req, > /* Note we're going async with this request. */ > req->async = true; > >+ ipc_out: >+ > /* > * Now manipulate req so that the outstanding async request > * is the only one left in the struct smbd_smb2_request. >@@ -1037,19 +1039,22 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req, > smb2_setup_nbt_length(req->out.vector, > req->out.vector_count); > >- /* Ensure our final reply matches the interim one. */ >- reqhdr = (uint8_t *)req->out.vector[1].iov_base; >- SIVAL(reqhdr, SMB2_HDR_FLAGS, flags | SMB2_HDR_FLAG_ASYNC); >- SBVAL(reqhdr, SMB2_HDR_PID, async_id); >+ if (req->async) { >+ /* Ensure our final reply matches the interim one. */ >+ reqhdr = (uint8_t *)req->out.vector[1].iov_base; >+ SIVAL(reqhdr, SMB2_HDR_FLAGS, flags | SMB2_HDR_FLAG_ASYNC); >+ SBVAL(reqhdr, SMB2_HDR_PID, async_id); > >- { >- const uint8_t *inhdr = >- (const uint8_t *)req->in.vector[1].iov_base; >- DEBUG(10,("smbd_smb2_request_pending_queue: opcode[%s] mid %llu " >- "going async\n", >- smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)), >- (unsigned long long)async_id )); >+ { >+ const uint8_t *inhdr = >+ (const uint8_t *)req->in.vector[1].iov_base; >+ DEBUG(10,("smbd_smb2_request_pending_queue: opcode[%s] mid %llu " >+ "going async\n", >+ smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)), >+ (unsigned long long)async_id )); >+ } > } >+ > return NT_STATUS_OK; > } > >-- >1.7.3.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6842">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 8429
: 6842