diff options
author | Stefan Metzmacher <metze@samba.org> | 2010-04-06 12:22:54 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-05-06 14:08:36 +0200 |
commit | 97b84c82201ffc0689f64622125698eabc419c54 (patch) | |
tree | 0cf1cda2b680da3616aa62a57d7f8d4eac4e06e2 | |
parent | 9d874a827227a1327bb7695648e140229ad20522 (diff) | |
download | samba-97b84c82201ffc0689f64622125698eabc419c54.tar.gz |
s3:rpc_transport_np: handle trans rdata like the output of a normal read
Inspired by bug #7159.
metze
(cherry picked from commit 911287285cc4c8485b75edfad3c1ece901a69b0b)
(cherry picked from commit e2739a2bf37e654c37cbea6e510f63a7ce4adfea)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2ce1bcd4e4430f311decb73b659c9b615d5bb4e9)
-rw-r--r-- | source3/rpc_client/rpc_transport_np.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c index fe3303095d7..ab3a2550e8f 100644 --- a/source3/rpc_client/rpc_transport_np.c +++ b/source3/rpc_client/rpc_transport_np.c @@ -214,6 +214,7 @@ static NTSTATUS rpc_np_read_recv(struct async_req *req, ssize_t *preceived) struct rpc_np_trans_state { uint16_t setup[2]; + uint32_t max_rdata_len; uint8_t *rdata; uint32_t rdata_len; }; @@ -236,6 +237,8 @@ static struct async_req *rpc_np_trans_send(TALLOC_CTX *mem_ctx, return NULL; } + state->max_rdata_len = max_rdata_len; + SSVAL(state->setup+0, 0, TRANSACT_DCERPCCMD); SSVAL(state->setup+1, 0, np_transport->fnum); @@ -266,10 +269,24 @@ static void rpc_np_trans_done(struct async_req *subreq) status = cli_trans_recv(subreq, state, NULL, NULL, NULL, NULL, &state->rdata, &state->rdata_len); TALLOC_FREE(subreq); + if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) { + status = NT_STATUS_OK; + } if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } + + if (state->rdata_len > state->max_rdata_len) { + async_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); + return; + } + + if (state->rdata_len == 0) { + async_req_nterror(req, NT_STATUS_PIPE_BROKEN); + return; + } + async_req_done(req); } |