NEX-4878 CIFS assertion failed on common/fs/smbsrv/smb_sd.c, line: 57
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-1635 Codenomicon: SMB2 TC: 157974 Panic in smb2_create/smb_decode_sd
SMB-11 SMB2 message parse & dispatch
SMB-12 SMB2 Negotiate Protocol
SMB-13 SMB2 Session Setup
SMB-14 SMB2 Logoff
SMB-15 SMB2 Tree Connect
SMB-16 SMB2 Tree Disconnect
SMB-17 SMB2 Create
SMB-18 SMB2 Close
SMB-19 SMB2 Flush
SMB-20 SMB2 Read
SMB-21 SMB2 Write
SMB-22 SMB2 Lock/Unlock
SMB-23 SMB2 Ioctl
SMB-24 SMB2 Cancel
SMB-25 SMB2 Echo
SMB-26 SMB2 Query Dir
SMB-27 SMB2 Change Notify
SMB-28 SMB2 Query Info
SMB-29 SMB2 Set Info
SMB-30 SMB2 Oplocks
SMB-53 SMB2 Create Context options
(SMB2 code review cleanup 1, 2, 3)
@@ -19,11 +19,11 @@
* CDDL HEADER END
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2016 Nexenta Systems, Inc. All rights reserved.
*/
#include <smbsrv/smb_kproto.h>
static void smb_encode_sacl(mbuf_chain_t *, smb_acl_t *);
@@ -369,23 +369,26 @@
struct mbuf_chain sdbuf;
uint32_t owner_offs;
uint32_t group_offs;
uint32_t sacl_offs;
uint32_t dacl_offs;
+ int rc;
smb_sd_init(sd, SECURITY_DESCRIPTOR_REVISION);
(void) MBC_SHADOW_CHAIN(&sdbuf, mbc,
mbc->chain_offset,
mbc->max_bytes - mbc->chain_offset);
- if (smb_mbc_decodef(&sdbuf, "b.wllll",
+ rc = smb_mbc_decodef(&sdbuf, "b.wllll",
&sd->sd_revision, &sd->sd_control,
- &owner_offs, &group_offs, &sacl_offs, &dacl_offs))
- goto decode_error;
+ &owner_offs, &group_offs, &sacl_offs, &dacl_offs);
+ /* Prevent disallowed flags in smb_sd_term. */
sd->sd_control &= ~SE_SELF_RELATIVE;
+ if (rc != 0)
+ goto decode_error;
if (owner_offs != 0) {
if (owner_offs < SMB_SD_HDRSIZE)
goto decode_error;
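Review bot: The new comment above `sd->sd_control &= ~SE_SELF_RELATIVE;` names smb_sd_term but does not say why the mask now has to run before the `rc` check, so a later cleanup could easily move it back. A failed smb_mbc_decodef() may already have stored a client-supplied value in sd_control, and the error path presumably ends in smb_sd_term, which (per the bug title) asserts on that flag. I would spell that out, e.g. `/* sd_control may hold wire data even if the decode failed; clear SE_SELF_RELATIVE before any path that reaches smb_sd_term. */`. It is also worth confirming that nothing under decode_error reads sd_revision or the remaining sd_control bits, since they can be partially decoded at that point. The function body and the decode_error label are outside this hunk.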