Author: jra Date: 2005-07-26 18:04:03 +0000 (Tue, 26 Jul 2005) New Revision: 8783
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8783 Log: Fix bug #2918. The problem was using Inbuffer to push a deferred open message onto the queue when we're in a chained message set - we're actually processing a different buffer then. Added current_inbuf as a static inside smbd/process.c to ensure the correct message gets pushed and processed. Jeremy. Modified: trunk/source/smbd/process.c Changeset: Modified: trunk/source/smbd/process.c =================================================================== --- trunk/source/smbd/process.c 2005-07-26 17:58:53 UTC (rev 8782) +++ trunk/source/smbd/process.c 2005-07-26 18:04:03 UTC (rev 8783) @@ -29,6 +29,7 @@ static char *InBuffer = NULL; static char *OutBuffer = NULL; +static char *current_inbuf = NULL; /* * Size of data we can send to client. Set @@ -236,7 +237,7 @@ SMB_BIG_INT usec_timeout, char *private_data, size_t priv_len) { - uint16 mid = SVAL(InBuffer,smb_mid); + uint16 mid = SVAL(current_inbuf,smb_mid); struct timeval tv; SMB_BIG_INT tdif; @@ -252,11 +253,11 @@ tv.tv_usec = tdif % 1000000; DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u\ - timeout time [%u.%06u]\n", (unsigned int) smb_len(InBuffer)+4, (unsigned int)mid, + timeout time [%u.%06u]\n", (unsigned int) smb_len(current_inbuf)+4, (unsigned int)mid, (unsigned int)tv.tv_sec, (unsigned int)tv.tv_usec)); - return push_queued_message(SHARE_VIOLATION_QUEUE, InBuffer, - smb_len(InBuffer)+4, &tv, private_data, priv_len); + return push_queued_message(SHARE_VIOLATION_QUEUE, current_inbuf, + smb_len(current_inbuf)+4, &tv, private_data, priv_len); } /**************************************************************************** @@ -968,6 +969,7 @@ !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1)))) return(ERROR_DOS(ERRSRV,ERRaccess)); + current_inbuf = inbuf; /* In case we need to defer this message in open... */ outsize = smb_messages[type].fn(conn, inbuf,outbuf,size,bufsize); }