[SCM] Samba Shared Repository - branch v3-6-test updated

Thu Sep 15 12:45:58 MDT 2011

The branch, v3-6-test has been updated
       via  740c7bd Fix bug 8429 - Compound SMB2 requests on an IPC connection can corrupt the reply stream.
      from  a272dcf s3-spoolss: Fix bug #8351 forms migration.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 740c7bd0fead31517890548a02f881b7310cc537
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Aug 30 17:37:19 2011 -0700

    Fix bug 8429 - Compound SMB2 requests on an IPC connection can corrupt the reply stream.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Wed Aug 31 21:18:11 CEST 2011 on sn-devel-104
    (cherry picked from commit 786fe9fab223723e4d2340f285592b2a44945d73)

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb2_server.c |   31 ++++++++++++++++++-------------
 1 files changed, 18 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index d7a40ed..41ef607 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -901,7 +901,7 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req,
 
 	/* Don't return an intermediate packet on a pipe read/write. */
 	if (req->tcon && req->tcon->compat_conn && IS_IPC(req->tcon->compat_conn)) {
-		return NT_STATUS_OK;
+		goto ipc_out;
 	}
 
 	reqhdr = (uint8_t *)req->out.vector[i].iov_base;
@@ -990,6 +990,8 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req,
 	/* Note we're going async with this request. */
 	req->async = true;
 
+  ipc_out:
+
 	/*
 	 * Now manipulate req so that the outstanding async request
 	 * is the only one left in the struct smbd_smb2_request.
@@ -1037,19 +1039,22 @@ NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req,
 	smb2_setup_nbt_length(req->out.vector,
 		req->out.vector_count);
 
-	/* Ensure our final reply matches the interim one. */
-	reqhdr = (uint8_t *)req->out.vector[1].iov_base;
-	SIVAL(reqhdr, SMB2_HDR_FLAGS, flags | SMB2_HDR_FLAG_ASYNC);
-	SBVAL(reqhdr, SMB2_HDR_PID, async_id);
+	if (req->async) {
+		/* Ensure our final reply matches the interim one. */
+		reqhdr = (uint8_t *)req->out.vector[1].iov_base;
+		SIVAL(reqhdr, SMB2_HDR_FLAGS, flags | SMB2_HDR_FLAG_ASYNC);
+		SBVAL(reqhdr, SMB2_HDR_PID, async_id);
 
-	{
-		const uint8_t *inhdr =
-			(const uint8_t *)req->in.vector[1].iov_base;
-		DEBUG(10,("smbd_smb2_request_pending_queue: opcode[%s] mid %llu "
-			"going async\n",
-			smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)),
-			(unsigned long long)async_id ));
+		{
+			const uint8_t *inhdr =
+				(const uint8_t *)req->in.vector[1].iov_base;
+			DEBUG(10,("smbd_smb2_request_pending_queue: opcode[%s] mid %llu "
+				"going async\n",
+				smb2_opcode_name((uint16_t)IVAL(inhdr, SMB2_HDR_OPCODE)),
+				(unsigned long long)async_id ));
+		}
 	}
+
 	return NT_STATUS_OK;
 }
 


-- 
Samba Shared Repository
