From 18d7c0cd25b1fe09a361a332a9191c92bb5a315e Mon Sep 17 00:00:00 2001
From: David Disseldorp
Date: Wed, 28 Sep 2011 14:45:42 +0200
Subject: [PATCH] s3-smb2_server: fix ioctl InputOffset checking

Currently the InputOffset is always check to point to the input data buffer, regardless of whether input data is present.

Signed-off-by: Stefan Metzmacher
(cherry picked from commit dbcd59f46b0d2125dfb6eb82b3d92be228c6ae4b)

The last 22 patches addres bug #8520 (Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements).
---
 source3/smbd/smb2_ioctl.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c
index 8f2a4713ab1..17b915489b0 100644
--- a/source3/smbd/smb2_ioctl.c
+++ b/source3/smbd/smb2_ioctl.c
@@ -68,7 +68,16 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req)
 	in_max_output_length = IVAL(inbody, 0x2C);
 	in_flags = IVAL(inbody, 0x30);
 
-	if (in_input_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
+	/*
+	 * InputOffset (4 bytes): The offset, in bytes, from the beginning of
+	 * the SMB2 header to the input data buffer. If no input data is
+	 * required for the FSCTL/IOCTL command being issued, the client SHOULD
+	 * set this value to 0.<49>
+	 * <49> If no input data is required for the FSCTL/IOCTL command being
+	 * issued, Windows-based clients set this field to any value.
+	 */
+	if ((in_input_length > 0)
+	    && (in_input_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len))) {
 		return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
 	}
 
-- 
2.11.4.GIT
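Review bot: With the relaxed condition, in_input_offset is no longer validated at all when in_input_length is 0, so any later code in smbd_smb2_request_process_ioctl that locates the input buffer via in_input_offset rather than via req->in.vector[i+2] must be guarded by the same in_input_length > 0 test; the rest of the function, including the separate in_input_length bound check, lies outside this hunk and should be confirmed. The new block comment quotes normative text without naming its source, which makes the "<49>" footnote marker opaque to the next reader; a leading line such as `/* Quoted from MS-SMB2, IOCTL Request (InputOffset field), including product note <49>: */` would make the provenance explicit. It would also help to state the security rationale in one sentence, e.g. `/* Only enforce the offset when there is input data; a zero-length request with an arbitrary offset reads nothing, so rejecting it only breaks Windows clients. */`, so that a future tightening of the check does not reintroduce the interoperability regression this commit fixes.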