svn commit: samba r14853 - in trunk/source/smbd: .

vlendec at samba.org vlendec at samba.org
Sat Apr 1 19:17:08 GMT 2006


Author: vlendec
Date: 2006-04-01 19:17:07 +0000 (Sat, 01 Apr 2006)
New Revision: 14853

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14853

Log:
When going through ipc, trans2 and nttrans I had started from the 3_0
ipc.c. Fix the bug in the 3 new implementations that Jeremy just fixed in
3_0/smbd/ipc.c.

Thanks again to Günther Kukkukk !

Volker

Modified:
   trunk/source/smbd/ipc.c
   trunk/source/smbd/nttrans.c
   trunk/source/smbd/trans2.c


Changeset:
Modified: trunk/source/smbd/ipc.c
===================================================================
--- trunk/source/smbd/ipc.c	2006-04-01 18:41:07 UTC (rev 14852)
+++ trunk/source/smbd/ipc.c	2006-04-01 19:17:07 UTC (rev 14853)
@@ -638,7 +638,7 @@
 			goto bad_param;
 		if (pdisp > state->total_param)
 			goto bad_param;
-		if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) ||
+		if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
 		    (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
 			goto bad_param;
 		if (state->param + pdisp < state->param)
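Review bot: The wrap guard kept in this condition, `smb_base(inbuf) + poff + pcnt < smb_base(inbuf)`, depends on pointer arithmetic overflowing, which is undefined behaviour in C, so a compiler may remove it and leave only the upper-bound test to stop an out-of-range `poff`/`pcnt`. Since these values appear to come from the request packet, the check is safer done on integers: with `avail` as the byte count from `smb_base(inbuf)` to `inbuf + size`, use `if (poff > avail || pcnt > avail - poff) goto bad_param;`. The same pattern is in the data check of the next hunk, in both hunks of nttrans.c and trans2.c, and in the `state->param + pdisp < state->param` context line here. The enclosing function starts and ends outside the hunk, so the types of `poff`, `pcnt` and `size` are not visible and should be confirmed before converting.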
@@ -655,7 +655,7 @@
 			goto bad_param;
 		if (ddisp > state->total_data)
 			goto bad_param;
-		if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) ||
+		if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
 		    (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
 			goto bad_param;
 		if (state->data + ddisp < state->data)
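Review bot: Nothing next to the corrected comparison says why `>` is the right operator, and the same off-by-one had to be fixed six times across ipc.c, nttrans.c and trans2.c. A short comment on the check would stop it regressing, for example `/* a block may end exactly at inbuf + size (one past the last byte); only going beyond that is an overrun */`, presuming `size` is the length of the buffer at `inbuf`, which the hunk does not show. Moving the parameter and data range checks into one shared static helper would also mean the next boundary fix is made in a single place. The surrounding function is outside the hunk, so where such a helper should live is left to the author.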

Modified: trunk/source/smbd/nttrans.c
===================================================================
--- trunk/source/smbd/nttrans.c	2006-04-01 18:41:07 UTC (rev 14852)
+++ trunk/source/smbd/nttrans.c	2006-04-01 19:17:07 UTC (rev 14853)
@@ -3029,7 +3029,7 @@
 			goto bad_param;
 		if (pdisp > state->total_param)
 			goto bad_param;
-		if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) ||
+		if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
 		    (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
 			goto bad_param;
 		if (state->param + pdisp < state->param)
@@ -3046,7 +3046,7 @@
 			goto bad_param;
 		if (ddisp > state->total_data)
 			goto bad_param;
-		if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) ||
+		if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
 		    (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
 			goto bad_param;
 		if (state->data + ddisp < state->data)

Modified: trunk/source/smbd/trans2.c
===================================================================
--- trunk/source/smbd/trans2.c	2006-04-01 18:41:07 UTC (rev 14852)
+++ trunk/source/smbd/trans2.c	2006-04-01 19:17:07 UTC (rev 14853)
@@ -5332,7 +5332,7 @@
 			goto bad_param;
 		if (pdisp > state->total_param)
 			goto bad_param;
-		if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) ||
+		if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
 		    (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
 			goto bad_param;
 		if (state->param + pdisp < state->param)
@@ -5349,7 +5349,7 @@
 			goto bad_param;
 		if (ddisp > state->total_data)
 			goto bad_param;
-		if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) ||
+		if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
 		    (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
 			goto bad_param;
 		if (state->data + ddisp < state->data)


