svn commit: samba r3493 - in branches/SAMBA_4_0/source/smb_server: .
tridge at samba.org
tridge at samba.org
Tue Nov 2 22:01:12 GMT 2004
Author: tridge
Date: 2004-11-02 22:01:11 +0000 (Tue, 02 Nov 2004)
New Revision: 3493
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=3493
Log:
fixed a bug in readx reply where the client specifies an invalid high
part of the maxcnt. This caused an allocation failure and server exit.
Note: we need to go back over all the places in the core smb_server
that can cause allocation failures based on user input and fix them to
instead produce a SMB error.
Thanks to Susan for finding this bug.
Modified:
branches/SAMBA_4_0/source/smb_server/reply.c
Changeset:
Modified: branches/SAMBA_4_0/source/smb_server/reply.c
===================================================================
--- branches/SAMBA_4_0/source/smb_server/reply.c 2004-11-02 21:28:14 UTC (rev 3492)
+++ branches/SAMBA_4_0/source/smb_server/reply.c 2004-11-02 22:01:11 UTC (rev 3493)
@@ -892,8 +892,14 @@
io->readx.in.offset = IVAL(req->in.vwv, VWV(3));
io->readx.in.maxcnt = SVAL(req->in.vwv, VWV(5));
io->readx.in.mincnt = SVAL(req->in.vwv, VWV(6));
- io->readx.in.maxcnt |= IVAL(req->in.vwv, VWV(7)) << 16;
io->readx.in.remaining = SVAL(req->in.vwv, VWV(9));
+
+ if (req->smb_conn->negotiate.client_caps & CAP_LARGE_READX) {
+ uint32_t high_part = IVAL(req->in.vwv, VWV(7));
+ if (high_part == 1) {
+ io->readx.in.maxcnt |= high_part << 16;
+ }
+ }
/* the 64 bit variant */
if (req->in.wct == 12) {
More information about the samba-cvs
mailing list