ref: 40f6e00b9c4b0f5bdca1cc7caf27af23a6b10786
parent: e684b2a3fbd7d077ba4dabbd7fb4c7d1ff09c30c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat May 19 23:48:33 EDT 2018
ip/cifsd: limit response data count in TRANS2 for remotebuffersize, avoid empty filename for the root
--- a/sys/src/cmd/ip/cifsd/dir.c
+++ b/sys/src/cmd/ip/cifsd/dir.c
@@ -65,8 +65,11 @@
Dir *d, *t;
int n, i;
- if(d = dirstat(*path))
+ if(d = dirstat(*path)){
+ if(d->name[0] == 0)
+ d->name = "/";
return d;
+ }
if(!splitpath(*path, &base, &name))
return nil;
if((n = xdirread0(&base, namecmp, &t)) < 0)
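Review bot: The added `d->name = "/";` makes the name point at a string literal instead of into the buffer dirstat() returned. That should be harmless when the Dir is released with a single free(d), but any caller that writes through `d->name` or copies the Dir assuming its strings sit in the same allocation would break; those callers are outside this hunk and worth checking. A one-line comment above the test would record why the substitution is there, for example `/* the root stats with an empty name; report "/" to the client instead */`. The enclosing function starts and ends outside the hunk.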
--- a/sys/src/cmd/ip/cifsd/smb.c
+++ b/sys/src/cmd/ip/cifsd/smb.c
@@ -1614,8 +1614,11 @@
goto unsup;
}
if(57+((rsc+1)&~1)+((rpc+3)&~3)+((rdc+3)&~3) > remotebuffersize){
- logit("[%.4x] %s response doesnt fit in client buffer", t.cmd, t.name);
- goto unsup;
+ rdc = remotebuffersize-(57+((rsc+1)&~1)+((rpc+3)&~3)) & ~3;
+ if(rdc <= 0){
+ logit("[%.4x] %s response doesnt fit in client buffer", t.cmd, t.name);
+ goto unsup;
+ }
}
t.in.param.b = t.in.param.p = pa; t.in.param.e = pe;
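Review bot: The new `if(rdc <= 0)` guard rejects an oversized setup/parameter area only if `rdc` and `remotebuffersize` are signed; their declarations are outside this hunk, and with an unsigned type the subtraction on the added line would wrap to a large count rather than fail. The clamp also relies on `-` binding tighter than `&`, so explicit grouping would make the round-down obvious: `rdc = (remotebuffersize - (57+((rsc+1)&~1)+((rpc+3)&~3))) & ~3;`. Since the counts presumably come from the client request, a comment such as `/* shrink the data count to what fits the client's buffer, rounded down to 4 */` would help. It is also worth confirming that the code after this hunk sizes the response data from the clamped `rdc`.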