The branch, v3-3-test has been updated
via a18cd579160ea3b70e43895a2a83f7734014f091 (commit)
from be8ac33179f56296118435e2732ccffdf7ddd305 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit a18cd579160ea3b70e43895a2a83f7734014f091
Author: Volker Lendecke <[EMAIL PROTECTED]>
Date: Mon Sep 8 22:53:50 2008 +0200
Fix calculation of useable_space for trans2 and nttrans replies
When alignment was in place, we pretended to send more data/params
according to
the param_offset/param_length and data_offset/data_length parameters than
would
actually fit into the SMB according to the NBSS length field.
-----------------------------------------------------------------------
Summary of changes:
source/smbd/nttrans.c | 22 ++++++++++------------
source/smbd/trans2.c | 15 +++++++++------
2 files changed, 19 insertions(+), 18 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index b695127..567c428 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -91,14 +91,11 @@ void send_nt_replies(connection_struct *conn,
+ alignment_offset
+ data_alignment_offset);
- /*
- * useable_space can never be more than max_send minus the
- * alignment offset.
- */
-
- useable_space = MIN(useable_space,
- max_send -
(alignment_offset+data_alignment_offset));
-
+ if (useable_space < 0) {
+ DEBUG(0, ("send_nt_replies failed sanity useable_space "
+ "= %d!!!", useable_space));
+ exit_server_cleanly("send_nt_replies: srv_send_smb failed.");
+ }
while (params_to_send || data_to_send) {
@@ -106,8 +103,7 @@ void send_nt_replies(connection_struct *conn,
* Calculate whether we will totally or partially fill this
packet.
*/
- total_sent_thistime = params_to_send + data_to_send +
- alignment_offset +
data_alignment_offset;
+ total_sent_thistime = params_to_send + data_to_send;
/*
* We can never send more than useable_space.
@@ -115,7 +111,9 @@ void send_nt_replies(connection_struct *conn,
total_sent_thistime = MIN(total_sent_thistime, useable_space);
- reply_outbuf(req, 18, total_sent_thistime);
+ reply_outbuf(req, 18,
+ total_sent_thistime + alignment_offset
+ + data_alignment_offset);
/*
* Set total params and data to be sent.
@@ -242,7 +240,7 @@ void send_nt_replies(connection_struct *conn,
if(params_to_send < 0 || data_to_send < 0) {
DEBUG(0,("send_nt_replies failed sanity check pts = %d,
dts = %d\n!!!",
params_to_send, data_to_send));
- return;
+ exit_server_cleanly("send_nt_replies: internal error");
}
}
}
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 8d839b6..3c17533 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -744,14 +744,16 @@ void send_trans2_replies(connection_struct *conn,
+ alignment_offset
+ data_alignment_offset);
- /* useable_space can never be more than max_send minus the alignment
offset. */
-
- useable_space = MIN(useable_space, max_send -
(alignment_offset+data_alignment_offset));
+ if (useable_space < 0) {
+ DEBUG(0, ("send_trans2_replies failed sanity useable_space "
+ "= %d!!!", useable_space));
+ exit_server_cleanly("send_trans2_replies: Not enough space");
+ }
while (params_to_send || data_to_send) {
/* Calculate whether we will totally or partially fill this
packet */
- total_sent_thistime = params_to_send + data_to_send +
alignment_offset + data_alignment_offset;
+ total_sent_thistime = params_to_send + data_to_send;
/* We can never send more than useable_space */
/*
@@ -761,9 +763,10 @@ void send_trans2_replies(connection_struct *conn,
* are sent here. Fix from [EMAIL PROTECTED]
*/
- total_sent_thistime = MIN(total_sent_thistime, useable_space+
alignment_offset + data_alignment_offset);
+ total_sent_thistime = MIN(total_sent_thistime, useable_space);
- reply_outbuf(req, 10, total_sent_thistime);
+ reply_outbuf(req, 10, total_sent_thistime + alignment_offset
+ + data_alignment_offset);
/* Set total params and data to be sent */
SSVAL(req->outbuf,smb_tprcnt,paramsize);
--
Samba Shared Repository
