r24409: Check wct in reply_open
authorVolker Lendecke <vlendec@samba.org>
Tue, 14 Aug 2007 13:57:36 +0000 (13:57 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:29:41 +0000 (12:29 -0500)
(This used to be commit ee6f212ed0b332e6886056e6d254d0c0da7c5046)

source3/smbd/reply.c

index 4a8ecb86e988112ec9d6157212c63553f32076fc..6acee164c6af7e2448f20cf700acfa7e91e335fd 100644 (file)
@@ -1402,9 +1402,9 @@ int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
        int info;
        SMB_STRUCT_STAT sbuf;
        files_struct *fsp;
-       int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
+       int oplock_request;
        int deny_mode;
-       uint32 dos_attr = SVAL(inbuf,smb_vwv1);
+       uint32 dos_attr;
        uint32 access_mask;
        uint32 share_mode;
        uint32 create_disposition;
@@ -1415,8 +1415,14 @@ int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
        START_PROFILE(SMBopen);
 
        init_smb_request(&req, (uint8 *)inbuf);
+
+       if (req.wct < 2) {
+               return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+       }
  
+       oplock_request = CORE_OPLOCK_REQUEST(inbuf);
        deny_mode = SVAL(inbuf,smb_vwv0);
+       dos_attr = SVAL(inbuf,smb_vwv1);
 
        srvstr_get_path(inbuf, SVAL(inbuf,smb_flg2), fname, smb_buf(inbuf)+1,
                        sizeof(fname), 0, STR_TERMINATE, &status);
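Review bot: The new early return under `if (req.wct < 2)` comes after `START_PROFILE(SMBopen)` and leaves the function without a matching `END_PROFILE(SMBopen)`, so a malformed request would skip the profiling end call. If the other exits of reply_open close the profile, which is not visible in this hunk, this one should as well: `END_PROFILE(SMBopen);` on the line before `return ERROR_NT(NT_STATUS_INVALID_PARAMETER);`. A short comment on the check would also help, for example `/* vwv0 (deny mode) and vwv1 (dos attr) are read below */`, so the bound of 2 stays tied to the `smb_vwv0`/`smb_vwv1` reads if more words are parsed later. The word-count check covers only the parameter words; the path read from `smb_buf(inbuf)+1` depends on bounds handling in `srvstr_get_path`, which is outside this hunk, as is the rest of the function body.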