Bug in samba 3, reply_readbmpx()
samba.10.maazl at spamgourmet.com
Wed Jul 13 22:49:25 GMT 2005
Hi,
there is a bug in reply_readbmpx(). The length of the reply does not
take the padding byte into account.
Symptom:
Data corruption if smb_readbmpx is used.
Fix:
see attached diff.
Info:
This bug is not very likely to cause trouble since read_bmpx is turned
off by default. However, turning it on significantly improves the
responsiveness and the throughput of the server during concurrent requests.
At least OS/2 clients will profit from it. I got 10,200K/s (instead of
about 6.800K/s) with two parallel read tasks.
Marcel Müller
-------------- next part --------------
Index: smbd/reply.c
===================================================================
--- smbd/reply.c (revision 8263)
+++ smbd/reply.c (working copy)
@@ -5307,7 +5307,7 @@
if (nread < (ssize_t)N)
tcount = total_read + nread;
- set_message(outbuf,8,nread,False);
+ set_message(outbuf,8,nread+pad,False);
SIVAL(outbuf,smb_vwv0,startpos);
SSVAL(outbuf,smb_vwv2,tcount);
SSVAL(outbuf,smb_vwv6,nread);
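Review bot: In the changed set_message() call the byte count becomes nread+pad while smb_vwv6 two lines later still carries nread, and nothing at this spot says why the two now differ. A short comment would help, for example `/* byte count = pad + data; smb_vwv6 is data only */`. The definition of pad is outside this hunk, so please confirm it is the same value used to position the data in outbuf. Since nread is compared as ssize_t in the context line above, also confirm that a negative nread cannot reach this call.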