Changeset 751 for trunk/server/source3/smbd/smb2_negprot.c

Timestamp:

Nov 29, 2012, 1:59:04 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.9

File:

• trunk/server/source3/smbd/smb2_negprot.c (modified) (6 diffs)

trunk/server/source3/smbd/smb2_negprot.c

@@ -62 +62 @@
 NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 {
+        NTSTATUS status;
         const uint8_t *inbody;
         const uint8_t *indyn = NULL;
@@ -70 +71 @@
         uint16_t security_offset;
         DATA_BLOB security_buffer;
-        size_t expected_body_size = 0x24;
-        size_t body_size;
         size_t expected_dyn_size = 0;
         size_t c;
@@ -78 +77 @@
         uint16_t dialect = 0;
         uint32_t capabilities;
+        uint32_t max_limit;
+        uint32_t max_trans = lp_smb2_max_trans();
+        uint32_t max_read = lp_smb2_max_read();
+        uint32_t max_write = lp_smb2_max_write();
 
-/* TODO: drop the connection with INVALID_PARAMETER */
-
-        if (req->in.vector[i+1].iov_len != (expected_body_size & 0xFFFFFFFE)) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
+        status = smbd_smb2_request_verify_sizes(req, 0x24);
+        if (!NT_STATUS_IS_OK(status)) {
+                return smbd_smb2_request_error(req, status);
         }
-
         inbody = (const uint8_t *)req->in.vector[i+1].iov_base;
-
-        body_size = SVAL(inbody, 0x00);
-        if (body_size != expected_body_size) {
-                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
-        }
 
         dialect_count = SVAL(inbody, 0x02);
@@ -140 +136 @@
         }
 
+        /*
+         * Unless we implement SMB2_CAP_LARGE_MTU,
+         * 0x10000 (65536) is the maximum allowed message size
+         */
+        max_limit = 0x10000;
+
+        max_trans = MIN(max_limit, max_trans);
+        max_read  = MIN(max_limit, max_read);
+        max_write = MIN(max_limit, max_write);
+
         security_offset = SMB2_HDR_BODY + 0x40;
 
@@ -165 +171 @@
         SIVAL(outbody.data, 0x18,
               capabilities);                    /* capabilities */
-        SIVAL(outbody.data, 0x1C, lp_smb2_max_trans()); /* max transact size */
-        SIVAL(outbody.data, 0x20, lp_smb2_max_read());  /* max read size */
-        SIVAL(outbody.data, 0x24, lp_smb2_max_write()); /* max write size */
+        SIVAL(outbody.data, 0x1C, max_trans);   /* max transact size */
+        SIVAL(outbody.data, 0x20, max_trans);   /* max read size */
+        SIVAL(outbody.data, 0x24, max_trans);   /* max write size */
         SBVAL(outbody.data, 0x28, 0);           /* system time */
         SBVAL(outbody.data, 0x30, 0);           /* server start time */
@@ -179 +185 @@
 
         req->sconn->using_smb2 = true;
+        req->sconn->smb2.max_trans = max_trans;
+        req->sconn->smb2.max_read  = max_read;
+        req->sconn->smb2.max_write = max_write;
 
         return smbd_smb2_request_done(req, outbody, &outdyn);