diff options
Diffstat (limited to 'source3/libsmb/clirap.c')
-rw-r--r-- | source3/libsmb/clirap.c | 151 |
1 files changed, 87 insertions, 64 deletions
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index b4b40ebdab4..8a844050461 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -174,6 +174,8 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32_t, unsigned int rdrcnt,rprcnt; char param[1024]; int count = -1; + bool ok; + int res; /* now send a SMBtrans command with api RNetShareEnum */ p = param; @@ -191,74 +193,82 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32_t, SSVAL(p,2,0xFFE0); p += 4; - if (cli_api(cli, - param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */ - NULL, 0, 0xFFE0, /* data, length, maxlen - Win2k needs a small buffer here too ! */ - &rparam, &rprcnt, /* return params, length */ - &rdata, &rdrcnt)) /* return data, length */ - { - int res = rparam? SVAL(rparam,0) : -1; - - if (res == 0 || res == ERRmoredata) { - int converter=SVAL(rparam,2); - int i; - char *rdata_end = rdata + rdrcnt; - - count=SVAL(rparam,4); - p = rdata; - - for (i=0;i<count;i++,p+=20) { - char *sname; - int type; - int comment_offset; - const char *cmnt; - const char *p1; - char *s1, *s2; - size_t len; - TALLOC_CTX *frame = talloc_stackframe(); - - if (p + 20 > rdata_end) { - TALLOC_FREE(frame); - break; - } - - sname = p; - type = SVAL(p,14); - comment_offset = (IVAL(p,16) & 0xFFFF) - converter; - if (comment_offset < 0 || - comment_offset > (int)rdrcnt) { - TALLOC_FREE(frame); - break; - } - cmnt = comment_offset?(rdata+comment_offset):""; - - /* Work out the comment length. */ - for (p1 = cmnt, len = 0; *p1 && - p1 < rdata_end; len++) - p1++; - if (!*p1) { - len++; - } - pull_string_talloc(frame,rdata,0, - &s1,sname,14,STR_ASCII); - pull_string_talloc(frame,rdata,0, - &s2,cmnt,len,STR_ASCII); - if (!s1 || !s2) { - TALLOC_FREE(frame); - continue; - } - - fn(s1, type, s2, state); + ok = cli_api( + cli, + param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */ + NULL, 0, 0xFFE0, /* data, length, maxlen - Win2k needs a small buffer here too ! */ + &rparam, &rprcnt, /* return params, length */ + &rdata, &rdrcnt); /* return data, length */ + if (!ok) { + DEBUG(4,("NetShareEnum failed\n")); + goto done; + } - TALLOC_FREE(frame); - } - } else { - DEBUG(4,("NetShareEnum res=%d\n", res)); + if (rprcnt < 6) { + DBG_ERR("Got invalid result: rprcnt=%u\n", rprcnt); + goto done; + } + + res = rparam? SVAL(rparam,0) : -1; + + if (res == 0 || res == ERRmoredata) { + int converter=SVAL(rparam,2); + int i; + char *rdata_end = rdata + rdrcnt; + + count=SVAL(rparam,4); + p = rdata; + + for (i=0;i<count;i++,p+=20) { + char *sname; + int type; + int comment_offset; + const char *cmnt; + const char *p1; + char *s1, *s2; + size_t len; + TALLOC_CTX *frame = talloc_stackframe(); + + if (p + 20 > rdata_end) { + TALLOC_FREE(frame); + break; } - } else { - DEBUG(4,("NetShareEnum failed\n")); + + sname = p; + type = SVAL(p,14); + comment_offset = (IVAL(p,16) & 0xFFFF) - converter; + if (comment_offset < 0 || + comment_offset > (int)rdrcnt) { + TALLOC_FREE(frame); + break; + } + cmnt = comment_offset?(rdata+comment_offset):""; + + /* Work out the comment length. */ + for (p1 = cmnt, len = 0; *p1 && + p1 < rdata_end; len++) + p1++; + if (!*p1) { + len++; + } + pull_string_talloc(frame,rdata,0, + &s1,sname,14,STR_ASCII); + pull_string_talloc(frame,rdata,0, + &s2,cmnt,len,STR_ASCII); + if (!s1 || !s2) { + TALLOC_FREE(frame); + continue; + } + + fn(s1, type, s2, state); + + TALLOC_FREE(frame); } + } else { + DEBUG(4,("NetShareEnum res=%d\n", res)); + } +done: SAFE_FREE(rparam); SAFE_FREE(rdata); @@ -362,6 +372,13 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype, } rdata_end = rdata + rdrcnt; + + if (rprcnt < 6) { + DBG_ERR("Got invalid result: rprcnt=%u\n", rprcnt); + res = -1; + break; + } + res = rparam ? SVAL(rparam,0) : -1; if (res == 0 || res == ERRmoredata || @@ -560,10 +577,16 @@ bool cli_oem_change_password(struct cli_state *cli, const char *user, const char return False; } + if (rdrcnt < 2) { + cli->rap_error = ERRbadformat; + goto done; + } + if (rparam) { cli->rap_error = SVAL(rparam,0); } +done: SAFE_FREE(rparam); SAFE_FREE(rdata); |