summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorerdgeist <>2003-12-06 22:15:07 +0000
committererdgeist <>2003-12-06 22:15:07 +0000
commitc4f276515855dc4b3f5457adaa41148281b4b8a8 (patch)
treeaab2ebf7357f78d3a1d16adb267310c0fbf908f2 /src
parent71cabadee7b59a1ebac99aacb0121b3e43b89b89 (diff)
missalignment bug in ANDX command handling
Diffstat (limited to 'src')
-rwxr-xr-xsrc/nu_server.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/nu_server.c b/src/nu_server.c
index 1360ccb..d1bb46a 100755
--- a/src/nu_server.c
+++ b/src/nu_server.c
@@ -60,9 +60,20 @@ static WORD SMB_COM_NEGOTIATE_params[] = {
60 60
61static SMB_STATUS handle_SMB_COM_NEGOTIATE( SMB_HEADER *header, SMB_DATA *data ) { 61static SMB_STATUS handle_SMB_COM_NEGOTIATE( SMB_HEADER *header, SMB_DATA *data ) {
62 struct timeval t; gettimeofday( &t, NULL ); 62 struct timeval t; gettimeofday( &t, NULL );
63 int i = 3;
64 /* Assign uniqe session id, don't know whether spreading our
65 pid() is a good id, when I know, I might change that :) */
63 SMB_COM_NEGOTIATE_params[8] = getpid(); 66 SMB_COM_NEGOTIATE_params[8] = getpid();
64 SMB_COM_NEGOTIATE_params[9] = getppid(); 67 SMB_COM_NEGOTIATE_params[9] = getppid();
65 *(QWORD*)(SMB_COM_NEGOTIATE_params+12) = getnttime( &t ); 68 *(QWORD*)(SMB_COM_NEGOTIATE_params+12) = getnttime( &t );
69
70 /* count number of dialect strings and choose the
71 last one, foolishly assuming this is the newest */
72 ((BYTE*)SMB_COM_NEGOTIATE_params)[1] = 0;
73 while( i < data->bytes->ByteCount )
74 if( data->bytes->Buffer[i++] == 0x02 ) /* dialect indicator */
75 ++*(1+(BYTE*)SMB_COM_NEGOTIATE_params);
76
66 data->params = (SMB_PARAMS*)SMB_COM_NEGOTIATE_params; 77 data->params = (SMB_PARAMS*)SMB_COM_NEGOTIATE_params;
67 data->bytes = (SMB_BYTES *)SMB_COM_NEGOTIATE_bytes; 78 data->bytes = (SMB_BYTES *)SMB_COM_NEGOTIATE_bytes;
68 return STATUS_SUCCESS; 79 return STATUS_SUCCESS;
@@ -82,6 +93,7 @@ static const BYTE SMB_COM_TREE_CONNECT_ANDX_bytes[] = { 8, 0, 'I', 'P', 'C', 0,
82static BYTE SMB_COM_TREE_CONNECT_ANDX_params[] = { 3, 255, 0, 0, 0, 0, 0 }; 93static BYTE SMB_COM_TREE_CONNECT_ANDX_params[] = { 3, 255, 0, 0, 0, 0, 0 };
83 94
84static SMB_STATUS handle_SMB_COM_TREE_CONNECT_ANDX( SMB_HEADER *header, SMB_DATA *data ){ 95static SMB_STATUS handle_SMB_COM_TREE_CONNECT_ANDX( SMB_HEADER *header, SMB_DATA *data ){
96 header->TreeID = 5;
85 data->params = (SMB_PARAMS*)SMB_COM_TREE_CONNECT_ANDX_params; 97 data->params = (SMB_PARAMS*)SMB_COM_TREE_CONNECT_ANDX_params;
86 data->bytes = (SMB_BYTES *)SMB_COM_TREE_CONNECT_ANDX_bytes; 98 data->bytes = (SMB_BYTES *)SMB_COM_TREE_CONNECT_ANDX_bytes;
87 return STATUS_SUCCESS; 99 return STATUS_SUCCESS;
@@ -132,12 +144,13 @@ static void child( ) {
132 sizeof(command_handler)/sizeof(*command_handler), sizeof(*command_handler), command_handler_match); 144 sizeof(command_handler)/sizeof(*command_handler), sizeof(*command_handler), command_handler_match);
133 145
134 requests[ num_requests ].bytes = 146 requests[ num_requests ].bytes =
135 (SMB_BYTES*)(((BYTE*)requests[ num_requests ].params) + *((WORD*)(requests[ num_requests ].params)) + 2); 147 (SMB_BYTES*)(((BYTE*)requests[ num_requests ].params) + *((BYTE*)(requests[ num_requests ].params)) + 2);
136 148
137 if( handler ) { 149 if( handler ) {
138 if( handler->flags & SMB_COMMAND_FLAG_ANDX ) { 150 if( handler->flags & SMB_COMMAND_FLAG_ANDX ) {
139 cmd = ((BYTE*)requests[ num_requests ].params)[1]; 151 cmd = ((BYTE*)requests[ num_requests ].params)[1];
140 requests[ num_requests+1 ].params = (SMB_PARAMS*)(((BYTE*)inpacket) + 4 + ((WORD*)requests[ num_requests ].params)[2]); 152 requests[ num_requests+1 ].params = (SMB_PARAMS*)(((BYTE*)inpacket) + 4 +
153 ((BYTE*)requests[ num_requests ].params)[3] + 256*((BYTE*)requests[ num_requests ].params)[4]);
141 } 154 }
142 155
143 /* <---------- Calling handler here -----> */ 156 /* <---------- Calling handler here -----> */
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-03 18:13:32 +0000