[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Feb 9 16:15:44 MST 2010


The branch, master has been updated
       via  8ddc977... Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
      from  a056eb8... Missed one check on the memcpy for bug #7063.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8ddc977c1421a47bedba8d5494f7ae67692b772a
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Feb 9 15:14:38 2010 -0800

    Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
    
    There are two problems:
    
    1). The server is off-by-one in the end of buffer space test.
    2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
    fields in the second and subsequent SMBtrans replies.
    
    This patch fixes both.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/ipc.c    |    3 +++
 source3/smbd/lanman.c |    6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 12d4922..97b338a 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -173,6 +173,9 @@ void send_trans_reply(connection_struct *conn,
 					   rparam, tot_param_sent, this_lparam,
 					   rdata, tot_data_sent, this_ldata);
 
+		SSVAL(req->outbuf,smb_vwv0,lparam);
+		SSVAL(req->outbuf,smb_vwv1,ldata);
+
 		SSVAL(req->outbuf,smb_vwv3,this_lparam);
 		SSVAL(req->outbuf,smb_vwv4,
 		      smb_offset(smb_buf(req->outbuf)+1,req->outbuf));
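Review bot: The two added SSVAL stores to smb_vwv0 and smb_vwv1 carry no comment saying why the totals are written again on this path. A one-line comment stating that every reply in the sequence must repeat the total parameter and data counts would keep a later cleanup from removing them as redundant. SSVAL stores a 16-bit value and the declarations of lparam and ldata are not visible in this hunk, so it is worth confirming both are bounded to 0xFFFF before this point; otherwise the totals would be silently truncated.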
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index eed0cd2..4df1cea 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1457,7 +1457,7 @@ static bool api_RNetServerEnum2(connection_struct *conn, uint16 vuid,
 			DEBUG(4,("fill_srv_info[%d] %20s %8x %25s %15s\n",
 				i, s->name, s->type, s->comment, s->domain));
 
-			if (data_len <= buf_len) {
+			if (data_len < buf_len) {
 				counted++;
 				fixed_len += f_len;
 				string_len += s_len;
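Review bot: The changed test `if (data_len < buf_len)` in api_RNetServerEnum2 now rejects an entry that would fill the buffer exactly, and nothing in the code says why that last byte has to stay free. Please add a comment above the comparison giving the reason, since `<=` reads as the natural bound and is likely to be "corrected" back by a later change.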
@@ -1663,7 +1663,7 @@ static bool api_RNetServerEnum3(connection_struct *conn, uint16 vuid,
 			DEBUG(4,("fill_srv_info[%d] %20s %8x %25s %15s\n",
 				i, s->name, s->type, s->comment, s->domain));
 
-			if (data_len <= buf_len) {
+			if (data_len < buf_len) {
 				counted++;
 				fixed_len += f_len;
 				string_len += s_len;
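Review bot: The comparison in api_RNetServerEnum3 is a line-for-line copy of the one in api_RNetServerEnum2 (same DEBUG line, same counted/fixed_len/string_len updates), so the same boundary fix had to be applied twice. Consider moving the fits-in-buffer test and the three counter updates into one small static helper shared by both enumerators, so the boundary is defined in a single place.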
@@ -2030,7 +2030,7 @@ static bool api_RNetShareEnum( connection_struct *conn, uint16 vuid,
 		if( lp_browseable( i ) && lp_snum_ok( i ) && (strlen(servicename_dos) < 13)) {
 			total++;
 			data_len += fill_share_info(conn,i,uLevel,0,&f_len,0,&s_len,0);
-			if (data_len <= buf_len) {
+			if (data_len < buf_len) {
 				counted++;
 				fixed_len += f_len;
 				string_len += s_len;
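Review bot: In api_RNetShareEnum, data_len is increased by the return value of fill_share_info() before the `data_len < buf_len` test, and nothing in the visible lines reduces it again when the test fails, so once one share does not fit, every later share fails the test too, even a smaller one. If that is the intent (stop filling at the first entry that does not fit while total keeps counting), a short comment here would make it explicit. It would also help to state the types of data_len and buf_len next to the comparison, since a signed/unsigned mismatch would change what this boundary test does.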


-- 
Samba Shared Repository

