From f1add2e94e38b8da5a33b0120c00b7644ed916bb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 25 Aug 2011 23:33:41 +0200 Subject: [PATCH 1/2] s3:smb2_server: keep compound_related on struct smbd_smb2_request metze --- source3/smbd/globals.h | 1 + source3/smbd/smb2_server.c | 7 +++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index b9bd212..0baf159 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -355,6 +355,7 @@ struct smbd_smb2_request { bool do_signing; bool async; bool cancelled; + bool compound_related; /* fake smb1 request. */ struct smb_request *smb1req; diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 6fc4b5d..0310cb1 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -360,7 +360,6 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req) { int count; int idx; - bool compound_related = false; count = req->in.vector_count; @@ -408,7 +407,7 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req) * compounded requests */ if (flags & SMB2_HDR_FLAG_CHAINED) { - compound_related = true; + req->compound_related = true; } } else if (idx > 4) { #if 0 @@ -421,13 +420,13 @@ static NTSTATUS smbd_smb2_request_validate(struct smbd_smb2_request *req) * all other requests should match the 2nd one */ if (flags & SMB2_HDR_FLAG_CHAINED) { - if (!compound_related) { + if (!req->compound_related) { req->next_status = NT_STATUS_INVALID_PARAMETER; return NT_STATUS_OK; } } else { - if (compound_related) { + if (req->compound_related) { req->next_status = NT_STATUS_INVALID_PARAMETER; return NT_STATUS_OK; -- 1.7.4.1 From 18288c5290ac0f86e56c507ecf13ce594553cd76 Mon Sep 17 00:00:00 2001 
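Review bot: With the local `bool compound_related = false;` removed from smbd_smb2_request_validate, nothing visible in this patch resets `req->compound_related` before the loop; the hunk at -408 only ever sets it to true. That is safe only if every struct smbd_smb2_request is zero-allocated and validated exactly once, which these hunks do not show, so either confirm that or add `req->compound_related = false;` before the loop. The new field in globals.h also deserves a short comment, for example `/* set by smbd_smb2_request_validate() when a chained request carries SMB2_HDR_FLAG_CHAINED */`, because it now outlives the function that computes it. The body of smbd_smb2_request_validate starts and ends outside these hunks.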
From: Stefan Metzmacher Date: Thu, 25 Aug 2011 23:34:27 +0200 Subject: [PATCH 2/2] s3:smb2_server: stop receiving requests while processing compound related requests (bug #8407) metze --- source3/smbd/smb2_server.c | 18 ++++++++++++++++++ 1 files changed, 18 insertions(+), 0 deletions(-) diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 0310cb1..2aade76 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1305,6 +1305,10 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) req->compat_chain_fsp = NULL; } + if (req->compound_related) { + sconn->smb2.compound_related_in_progress = true; + } + switch (opcode) { case SMB2_OP_NEGPROT: /* This call needs to be run as root */ @@ -1751,6 +1755,10 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req) return NT_STATUS_OK; } + if (req->compound_related) { + req->sconn.smb2.compound_related_in_progress = false; + } + smb2_setup_nbt_length(req->out.vector, req->out.vector_count); /* Set credit for this operation (zero credits if this @@ -1823,6 +1831,12 @@ void smbd_smb2_request_dispatch_immediate(struct tevent_context *ctx, smbd_server_connection_terminate(sconn, nt_errstr(status)); return; } + + status = smbd_smb2_request_next_incoming(sconn); + if (!NT_STATUS_IS_OK(status)) { + smbd_server_connection_terminate(sconn, nt_errstr(status)); + return; + } } static NTSTATUS smbd_smb2_request_next_incoming(struct smbd_server_connection *sconn); @@ -2464,6 +2478,10 @@ static NTSTATUS smbd_smb2_request_next_incoming(struct smbd_server_connection *s size_t cur_send_queue_len; struct tevent_req *subreq; + if (sconn->smb2.related_compound_in_progress) { + return NT_STATUS_OK; + } + if (tevent_queue_length(sconn->smb2.recv_queue) > 0) { /* * if there is already a smbd_smb2_request_read -- 1.7.4.1
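Review bot: The three uses of the new connection flag do not agree with each other. This hunk writes `sconn->smb2.compound_related_in_progress`, the smbd_smb2_request_reply hunk writes `req->sconn.smb2.compound_related_in_progress` (which only compiles if req->sconn is an embedded struct rather than the pointer the other hunks use), and the smbd_smb2_request_next_incoming hunk reads `sconn->smb2.related_compound_in_progress`. The diffstat for this patch touches only smb2_server.c, so the field is not declared anywhere in the series as shown. Pick one name, add `bool compound_related_in_progress;` wherever `sconn->smb2` is declared, and use `req->sconn->smb2.compound_related_in_progress = false;` in the reply path.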
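Review bot: Clearing the flag in smbd_smb2_request_reply does not by itself restart reading, because smbd_smb2_request_next_incoming now returns NT_STATUS_OK without queuing a read while the flag is set. The only re-arm visible in this patch is the call added to smbd_smb2_request_dispatch_immediate. If the last request of a related compound completes asynchronously, or a request leaves through a path that skips this assignment (an error return or a cancelled request), the connection would appear to stop receiving for good. It is worth confirming that every completion path both clears the flag and then calls `smbd_smb2_request_next_incoming(req->sconn)`. The function body starts and ends outside the hunk.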
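Review bot: The call to `smbd_smb2_request_next_incoming(sconn)` added in smbd_smb2_request_dispatch_immediate sits above the `static NTSTATUS smbd_smb2_request_next_incoming(struct smbd_server_connection *sconn);` prototype shown in the context line right after the function's closing brace. Unless an earlier prototype exists outside the hunk, the call is an implicit declaration that then conflicts with the later static one. Moving that prototype above smbd_smb2_request_dispatch_immediate resolves it.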