The branch, master has been updated via 5530cc4 Fix bad SMB2 opcode reading in server. from 7fd926f Make sure that we only propogate the INHERITED flag when we are allowed to.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 5530cc4816534d64d50403c266616633db8202cc Author: Jeremy Allison <j...@samba.org> Date: Mon Apr 1 20:11:26 2013 -0700 Fix bad SMB2 opcode reading in server. SMB2 opcodes are 16-bit values. We should *never* be reading them with IVAL(inhdr, SMB2_HDR_OPCODE), it should always be SVAL(inhdr, SMB2_HDR_OPCODE). Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Richard Sharpe <realrichardsha...@gmail.com> Autobuild-User(master): Richard Sharpe <sha...@samba.org> Autobuild-Date(master): Tue Apr 2 07:28:48 CEST 2013 on sn-devel-104 ----------------------------------------------------------------------- Summary of changes: source3/smbd/smb2_server.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f486236..eb7059e 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -632,7 +632,7 @@ static bool smb2_validate_message_id(struct smbd_server_connection *sconn,
 const uint8_t *inhdr)
 {
 uint64_t message_id = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
- uint16_t opcode = IVAL(inhdr, SMB2_HDR_OPCODE);
+ uint16_t opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
 uint16_t credit_charge = 1;
 uint64_t i;
@@ -1416,7 +1416,7 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
 DEBUG(10,("smbd_smb2_request_pending_queue: opcode[%s] mid %llu "
 "going async\n",
- smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)),
+ smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)),
 (unsigned long long)async_id ));
 /*
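Review bot: The opcode read in smb2_validate_message_id is one of five open-coded reads of SMB2_HDR_OPCODE that this commit corrects (the others are in the pending_timer, process_cancel, check_session and dispatch hunks), so the field width is still chosen by hand at every call site. A single accessor would keep that decision in one place, for example a new helper `static inline uint16_t smb2_hdr_opcode(const uint8_t *hdr) { return SVAL(hdr, SMB2_HDR_OPCODE); }` (the name is a suggestion, not an existing function). In this hunk the old 32-bit read was already narrowed by the `uint16_t` declaration, so behaviour here is presumably unchanged; a comment such as `/* Command is 16 bits; the following two bytes belong to the credit field */` would record why SVAL is required. The function body continues outside the hunk.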
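Review bot: The debug string in this hunk is prefixed `smbd_smb2_request_pending_queue:` while the hunk header places the line inside smbd_smb2_request_pending_timer, so a level-10 log would attribute the "going async" transition to a different function than the one that emitted it, assuming the header's function context is accurate. If it is, the prefix could read `smbd_smb2_request_pending_timer:` or be produced from `__func__`, which keeps log-based triage of async requests pointing at the right code path. The enclosing function starts and ends outside the hunk.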
@@ -1621,7 +1621,7 @@ static NTSTATUS smbd_smb2_request_process_cancel(struct smbd_smb2_request *req)
 inhdr = SMBD_SMB2_IN_HDR_PTR(cur);
 DEBUG(10,("smbd_smb2_request_process_cancel: attempting to "
 "cancel opcode[%s] mid %llu\n",
- smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)),
+ smb2_opcode_name(SVAL(inhdr, SMB2_HDR_OPCODE)),
 (unsigned long long)found_id ));
 tevent_req_cancel(cur->subreq);
 }
@@ -1699,7 +1699,7 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
 inhdr = SMBD_SMB2_IN_HDR_PTR(req);
 in_flags = IVAL(inhdr, SMB2_HDR_FLAGS);
- in_opcode = IVAL(inhdr, SMB2_HDR_OPCODE);
+ in_opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
 in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
 if (in_flags & SMB2_HDR_FLAG_CHAINED) {
@@ -1870,7 +1870,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 /* TODO: verify more things */
 flags = IVAL(inhdr, SMB2_HDR_FLAGS);
- opcode = IVAL(inhdr, SMB2_HDR_OPCODE);
+ opcode = SVAL(inhdr, SMB2_HDR_OPCODE);
 mid = BVAL(inhdr, SMB2_HDR_MESSAGE_ID);
 DEBUG(10,("smbd_smb2_request_dispatch: opcode[%s] mid = %llu\n",
 smb2_opcode_name(opcode),
-- Samba Shared Repository
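Review bot: Whether the old IVAL read in smbd_smb2_request_check_session was harmless depends on the declared type of `in_opcode`, which is outside the hunk; the same applies to `opcode` in the smbd_smb2_request_dispatch hunk. If either variable is wider than 16 bits, the previous code would have folded the two client-supplied bytes that follow the command field into the value used for session and dispatch decisions, so it is worth confirming both are declared `uint16_t`. A regression test that sends a request with a non-zero value in those following bytes and checks that it is handled as the plain command would pin the fix. A comment at the read, `/* 16-bit field: must be SVAL, never IVAL */`, would make the constraint visible to the next editor.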
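Review bot: In smbd_smb2_request_dispatch, `opcode` is taken straight from the request header and passed to `smb2_opcode_name(opcode)` in the DEBUG call before any range check that is visible in this hunk, next to the existing `/* TODO: verify more things */`. smb2_opcode_name is defined outside the diff, so confirm it returns a fixed placeholder string for values beyond the last defined command rather than indexing a table with the raw value. If it does, a short comment on the DEBUG line, `/* smb2_opcode_name() tolerates unknown opcodes */`, would document that the logging path is safe on unvalidated input. The function body continues outside the hunk.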