Author: jra Date: 2005-07-26 17:58:53 +0000 (Tue, 26 Jul 2005) New Revision: 8782
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8782 Log: Fix bug #2918. The problem was using Inbuffer to push a deferred open message onto the queue when we're in a chained message set - we're actually processing a different buffer then. Added current_inbuf as a static inside smbd/process.c to ensure the correct message gets pushed and processed. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/process.c =================================================================== --- branches/SAMBA_3_0/source/smbd/process.c 2005-07-26 12:41:29 UTC (rev 8781) +++ branches/SAMBA_3_0/source/smbd/process.c 2005-07-26 17:58:53 UTC (rev 8782) @@ -29,6 +29,7 @@ static char *InBuffer = NULL; static char *OutBuffer = NULL; +static char *current_inbuf = NULL; /* * Size of data we can send to client. Set @@ -245,12 +246,12 @@ /**************************************************************************** Function to push a sharing violation open smb message onto a linked list of local smb messages ready - for processing. + for processing. We must use current_inbuf here not Inbuf in case we're in a chained message set. ****************************************************************************/ BOOL push_sharing_violation_open_smb_message(struct timeval *ptv, char *private_data, size_t priv_len) { - uint16 mid = SVAL(InBuffer,smb_mid); + uint16 mid = SVAL(current_inbuf,smb_mid); struct timeval tv; SMB_BIG_INT tdif; @@ -270,11 +271,11 @@ tv.tv_usec = tdif % 1000000; DEBUG(10,("push_sharing_violation_open_smb_message: pushing message len %u mid %u\ - timeout time [%u.%06u]\n", (unsigned int) smb_len(InBuffer)+4, (unsigned int)mid, + timeout time [%u.%06u]\n", (unsigned int) smb_len(current_inbuf)+4, (unsigned int)mid, (unsigned int)tv.tv_sec, (unsigned int)tv.tv_usec)); - return push_queued_message(SHARE_VIOLATION_QUEUE, InBuffer, - smb_len(InBuffer)+4, &tv, private_data, priv_len); + return push_queued_message(SHARE_VIOLATION_QUEUE, current_inbuf, + smb_len(current_inbuf)+4, &tv, private_data, priv_len); } /**************************************************************************** @@ -986,6 +987,7 @@ !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1)))) return(ERROR_DOS(ERRSRV,ERRaccess)); + current_inbuf = inbuf; /* In case we need to defer this message in open... */ outsize = smb_messages[type].fn(conn, inbuf,outbuf,size,bufsize); }
