[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-2801-g34b56cb
Volker Lendecke
vlendec at samba.org
Sun Aug 10 16:17:52 GMT 2008
The branch, v3-2-test has been updated
via 34b56cb54e06f9b38d2bb0a626ec7b04030fc4fa (commit)
via 2abeea64e15f0e8e8c413744de9194bdcedd6f16 (commit)
from fc309e41a45079d58c03dc6fb0c35ceb4517f0ae (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 34b56cb54e06f9b38d2bb0a626ec7b04030fc4fa
Author: Volker Lendecke <vl at samba.org>
Date: Sun Aug 10 17:53:35 2008 +0200
fix smb_len calculation for chained requests
I think chain_reply() is one of the most tricky parts of Samba. This recursion
needs to go away, we need to sequentially walk the chain list.
commit 2abeea64e15f0e8e8c413744de9194bdcedd6f16
Author: Volker Lendecke <vl at samba.org>
Date: Sun Aug 10 17:37:08 2008 +0200
Fix andx offset calculation for more than 2 chained requests
Untested code is broken code.... Test follows later, it's quite an intrusive
change to libsmb/
-----------------------------------------------------------------------
Summary of changes:
source/smbd/process.c | 16 ++++++++++++----
1 files changed, 12 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 1c28f68..4989c8f 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -1636,6 +1636,7 @@ void chain_reply(struct smb_request *req)
char *outbuf = (char *)req->outbuf;
size_t outsize = smb_len(outbuf) + 4;
size_t outsize_padded;
+ size_t padding;
size_t ofs, to_move;
struct smb_request *req2;
@@ -1674,12 +1675,13 @@ void chain_reply(struct smb_request *req)
*/
outsize_padded = (outsize + 3) & ~3;
+ padding = outsize_padded - outsize;
/*
* remember how much the caller added to the chain, only counting
* stuff after the parameter words
*/
- chain_size += outsize_padded - smb_wct;
+ chain_size += (outsize_padded - smb_wct);
/*
* work out pointers into the original packets. The
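Review bot: the expression `outsize_padded - smb_wct` on the `chain_size +=` line is now repeated verbatim in the `chain_size -=` reset added at the end of chain_reply(), and the two must stay identical for the reset to be correct. Computing it once into a local next to the new `padding` and using that local in both places would make the pairing explicit and harder to break in a later edit. The parentheses added on this line do not change the value.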
@@ -1787,17 +1789,17 @@ void chain_reply(struct smb_request *req)
SCVAL(outbuf, smb_vwv0, smb_com2);
SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
- if (outsize_padded > outsize) {
+ if (padding != 0) {
/*
* Due to padding we have some uninitialized bytes after the
* caller's output
*/
- memset(outbuf + outsize, 0, outsize_padded - outsize);
+ memset(outbuf + outsize, 0, padding);
}
- smb_setlen(outbuf, outsize2 + chain_size - 4);
+ smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4);
/*
* restore the saved data, being careful not to overwrite any data
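Review bot: the length passed to `smb_setlen()` is now built from `caller_outputlen + padding`, while the andx offset written by `SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4)` at the top of this hunk still uses the accumulated `chain_size`. If that split is intended, a short comment above `smb_setlen()` stating why the offset and the length use different bases would help, since the commit messages themselves call this code tricky and untested. The new sum also involves `padding`, a size_t, so a check that `outsize2 + caller_outputlen + padding` is at least 4 before the subtraction would rule out an unsigned wrap in the length field.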
@@ -1808,6 +1810,12 @@ void chain_reply(struct smb_request *req)
SAFE_FREE(caller_output);
TALLOC_FREE(req2);
+ /*
+ * Reset the chain_size for our caller's offset calculations
+ */
+
+ chain_size -= (outsize_padded - smb_wct);
+
return;
}
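Review bot: the `chain_size -=` reset sits only before this final `return`, so any earlier exit from chain_reply() taken after the `chain_size +=` would leave the counter inflated for the caller's offset calculations. The hunks shown do not include the code between the two statements, so it is worth checking that range for early returns or error paths and either resetting on each of them or routing them through a single exit. The blank line between the new comment and the statement can be dropped.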