The branch, v3-3-test has been updated via a18cd579160ea3b70e43895a2a83f7734014f091 (commit) from be8ac33179f56296118435e2732ccffdf7ddd305 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log ----------------------------------------------------------------- commit a18cd579160ea3b70e43895a2a83f7734014f091 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Sep 8 22:53:50 2008 +0200 Fix calculation of useable_space for trans2 and nttrans replies When alignment was in place, we pretended to send more data/params according to the param_offset/param_length and data_offset/data_length parameters than would actually fit into the SMB according to the NBSS length field. ----------------------------------------------------------------------- Summary of changes: source/smbd/nttrans.c | 22 ++++++++++------------ source/smbd/trans2.c | 15 +++++++++------ 2 files changed, 19 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index b695127..567c428 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -91,14 +91,11 @@ void send_nt_replies(connection_struct *conn, + alignment_offset + data_alignment_offset); - /* - * useable_space can never be more than max_send minus the - * alignment offset. - */ - - useable_space = MIN(useable_space, - max_send - (alignment_offset+data_alignment_offset)); - + if (useable_space < 0) { + DEBUG(0, ("send_nt_replies failed sanity useable_space " + "= %d!!!", useable_space)); + exit_server_cleanly("send_nt_replies: srv_send_smb failed."); + } while (params_to_send || data_to_send) { @@ -106,8 +103,7 @@ void send_nt_replies(connection_struct *conn, * Calculate whether we will totally or partially fill this packet. */ - total_sent_thistime = params_to_send + data_to_send + - alignment_offset + data_alignment_offset; + total_sent_thistime = params_to_send + data_to_send; /* * We can never send more than useable_space. @@ -115,7 +111,9 @@ void send_nt_replies(connection_struct *conn, total_sent_thistime = MIN(total_sent_thistime, useable_space); - reply_outbuf(req, 18, total_sent_thistime); + reply_outbuf(req, 18, + total_sent_thistime + alignment_offset + + data_alignment_offset); /* * Set total params and data to be sent. @@ -242,7 +240,7 @@ void send_nt_replies(connection_struct *conn, if(params_to_send < 0 || data_to_send < 0) { DEBUG(0,("send_nt_replies failed sanity check pts = %d, dts = %d\n!!!", params_to_send, data_to_send)); - return; + exit_server_cleanly("send_nt_replies: internal error"); } } } diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 8d839b6..3c17533 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -744,14 +744,16 @@ void send_trans2_replies(connection_struct *conn, + alignment_offset + data_alignment_offset); - /* useable_space can never be more than max_send minus the alignment offset. */ - - useable_space = MIN(useable_space, max_send - (alignment_offset+data_alignment_offset)); + if (useable_space < 0) { + DEBUG(0, ("send_trans2_replies failed sanity useable_space " + "= %d!!!", useable_space)); + exit_server_cleanly("send_trans2_replies: Not enough space"); + } while (params_to_send || data_to_send) { /* Calculate whether we will totally or partially fill this packet */ - total_sent_thistime = params_to_send + data_to_send + alignment_offset + data_alignment_offset; + total_sent_thistime = params_to_send + data_to_send; /* We can never send more than useable_space */ /* @@ -761,9 +763,10 @@ void send_trans2_replies(connection_struct *conn, * are sent here. Fix from [EMAIL PROTECTED] */ - total_sent_thistime = MIN(total_sent_thistime, useable_space+ alignment_offset + data_alignment_offset); + total_sent_thistime = MIN(total_sent_thistime, useable_space); - reply_outbuf(req, 10, total_sent_thistime); + reply_outbuf(req, 10, total_sent_thistime + alignment_offset + + data_alignment_offset); /* Set total params and data to be sent */ SSVAL(req->outbuf,smb_tprcnt,paramsize); -- Samba Shared Repository