The branch, v3-2-test has been updated
via c3de44b6b063e126095b30536fdcb643c70e395e (commit)
from 4d7badb0c44f287034f58d9a412e662c0fbecdc9 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit c3de44b6b063e126095b30536fdcb643c70e395e
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date: Fri Nov 2 10:35:10 2007 -0700
Argggh. smblen doesn't include the +4, so my smb_doff calculations
shouldn't either :-).
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/smbd/reply.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index de0e852..84c1892 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -3927,8 +3927,8 @@ void reply_write_and_X(connection_struct *conn, struct
smb_request *req)
smblen = smb_len(req->inbuf);
if (req->unread_bytes > 0xFFFF ||
- (smblen > smb_doff + 4 &&
- smblen - smb_doff + 4 > 0xFFFF)) {
+ (smblen > smb_doff &&
+ smblen - smb_doff > 0xFFFF)) {
numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
}
@@ -3939,8 +3939,8 @@ void reply_write_and_X(connection_struct *conn, struct
smb_request *req)
return;
}
} else {
- if (smb_doff + 4 > smblen || smb_doff + 4 + numtowrite <
numtowrite ||
- smb_doff + 4 + numtowrite > smblen) {
+ if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
+ smb_doff + numtowrite > smblen) {
reply_doserror(req, ERRDOS, ERRbadmem);
END_PROFILE(SMBwriteX);
return;
--
Samba Shared Repository
