The Samba-Bugzilla – Attachment 8710 Details for
Bug 9760
Incorrect parsing of SMB2 command codes
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.0.next that went into master.
0001-Fix-bad-SMB2-opcode-reading-in-server.patch (text/plain), 2.67 KB, created by
Jeremy Allison
on 2013-04-02 16:54:04 UTC
(
hide
)
Description:
git-am fix for 4.0.next that went into master.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2013-04-02 16:54:04 UTC
Size:
2.67 KB
patch
obsolete
>From 5c57652e6fafd318ccdf49430545c7565779de7d Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 1 Apr 2013 20:11:26 -0700 >Subject: [PATCH] Fix bad SMB2 opcode reading in server. > >SMB2 opcodes are 16-bit values. We should *never* >be reading them with IVAL(inhdr, SMB2_HDR_OPCODE), >it should always be SVAL(inhdr, SMB2_HDR_OPCODE). > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> > >Autobuild-User(master): Richard Sharpe <sharpe@samba.org> >Autobuild-Date(master): Tue Apr 2 07:28:48 CEST 2013 on sn-devel-104 >--- > source3/smbd/smb2_server.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > >diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c >index d92302e..62d1074 100644 >--- a/source3/smbd/smb2_server.c >+++ b/source3/smbd/smb2_server.c >@@ -632,7 +632,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn, > const uint8_t *inhdr) > { > uint64_t message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); >- uint16_t opcode = IVAL(inhdr, SMB2_HDR_OPCODE); >+ uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE); > uint16_t credit_charge = 1; > uint64_t i; > >@@ -1416,7 +1416,7 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev, > > DEBUG(10,("smbd_smb2_request_pending_queue: opcode[%s] mid %llu " > "going async\n", >- smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)), >+ smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)), > (unsigned long long)async_id )); > > /* >@@ -1621,7 +1621,7 @@ static NTSTATUS smbd_smb2_request_process_cancel(struct smbd_smb2_request *req) > inhdr = SMBD_SMB2_IN_HDR_PTR(cur); > DEBUG(10,("smbd_smb2_request_process_cancel: attempting to " > "cancel opcode[%s] mid %llu\n", >- smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)), >+ smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)), > (unsigned long long)found_id )); > tevent_req_cancel(cur->subreq); > } >@@ -1699,7 +1699,7 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req) > inhdr = SMBD_SMB2_IN_HDR_PTR(req); > > in_flags = IVAL(inhdr, SMB2_HDR_FLAGS); >- in_opcode = IVAL(inhdr, SMB2_HDR_OPCODE); >+ in_opcode = SVAL(inhdr, SMB2_HDR_OPCODE); > in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID); > > if (in_flags & SMB2_HDR_FLAG_CHAINED) { >@@ -1870,7 +1870,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) > /* TODO: verify more things */ > > flags = IVAL(inhdr, SMB2_HDR_FLAGS); >- opcode = IVAL(inhdr, SMB2_HDR_OPCODE); >+ opcode = SVAL(inhdr, SMB2_HDR_OPCODE); > mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID); > DEBUG(10,("smbd_smb2_request_dispatch: opcode[%s] mid = %llu\n", > smb2_opcode_name(opcode), >-- >1.8.1.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8710">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
rsharpe
:
review+
Actions:
View
Attachments on
bug 9760
: 8710