The branch, v3-2-test has been updated via c3de44b6b063e126095b30536fdcb643c70e395e (commit) from 4d7badb0c44f287034f58d9a412e662c0fbecdc9 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log ----------------------------------------------------------------- commit c3de44b6b063e126095b30536fdcb643c70e395e Author: Jeremy Allison <[EMAIL PROTECTED]> Date: Fri Nov 2 10:35:10 2007 -0700 Argggh. smblen doesn't include the +4, so my smb_doff calculations shouldn't either :-). Jeremy. ----------------------------------------------------------------------- Summary of changes: source/smbd/reply.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/reply.c b/source/smbd/reply.c index de0e852..84c1892 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -3927,8 +3927,8 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) smblen = smb_len(req->inbuf); if (req->unread_bytes > 0xFFFF || - (smblen > smb_doff + 4 && - smblen - smb_doff + 4 > 0xFFFF)) { + (smblen > smb_doff && + smblen - smb_doff > 0xFFFF)) { numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16); } @@ -3939,8 +3939,8 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req) return; } } else { - if (smb_doff + 4 > smblen || smb_doff + 4 + numtowrite < numtowrite || - smb_doff + 4 + numtowrite > smblen) { + if (smb_doff > smblen || smb_doff + numtowrite < numtowrite || + smb_doff + numtowrite > smblen) { reply_doserror(req, ERRDOS, ERRbadmem); END_PROFILE(SMBwriteX); return; -- Samba Shared Repository