s3:smbd: fix parsing of the SMB2 body

Maybe there's no dynamic part on the wire.

metze

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 1b22c8272459de7792691d0faa6380adfaa24469..f4605ddde9c691412cd20da4adb53ae1a5732bc2 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1328,7 +1328,13 @@ static int smbd_smb2_request_next_vector(struct tstream_context *stream,
                                 * body and let the caller deal with the error
                                 */
                                invalid = true;
-                       } else if (body_size > (full_size - SMB2_HDR_BODY)) {
+                       }
+
+                       if ((body_size % 2) != 0) {
+                               body_size -= 1;
+                       }
+
+                       if (body_size > (full_size - SMB2_HDR_BODY)) {
                                /*
                                 * this is invalid, just return a zero
                                 * body and let the caller deal with the error
@@ -1342,10 +1348,6 @@ static int smbd_smb2_request_next_vector(struct tstream_context *stream,
                        body_size = 2;
                }
 
-               if ((body_size % 2) != 0) {
-                       body_size -= 1;
-               }
-
                dyn_size = full_size - (SMB2_HDR_BODY + body_size);
 
                state->missing -= (body_size - 2) + dyn_size;