The branch, v3-2-test has been updated
       via  2d3ff9c502105f92720131355b41e48be8d656c2 (commit)
      from  1c71546b6152d2930b98f766311bbd161ee0ee4e (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 2d3ff9c502105f92720131355b41e48be8d656c2
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date:   Thu Nov 1 22:24:39 2007 -0700

    Be careful and take care of the correct lengths in large
    writeX calls.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/reply.c |   16 +++++++---------
 1 files changed, 7 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index d4f3f1f..c83066d 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -3912,7 +3912,6 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
        unsigned int smb_doff;
        unsigned int smblen;
        char *data;
-       bool large_writeX;
        NTSTATUS status;
 
        START_PROFILE(SMBwriteX);
@@ -3926,12 +3925,11 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
        numtowrite = SVAL(req->inbuf,smb_vwv10);
        smb_doff = SVAL(req->inbuf,smb_vwv11);
        smblen = smb_len(req->inbuf);
-       large_writeX = (req->wct == 14 &&
-                       (smblen > 0xFFFF || req->unread_bytes > 0xFFFF));
 
-       /* Deal with possible LARGE_WRITEX */
-       if (large_writeX) {
-               numtowrite |= ((((size_t)SVAL(req->inbuf,smb_vwv9)) & 1 )<<16);
+       if (req->unread_bytes > 0xFFFF ||
+                       (smblen > smb_doff + 4 &&
+                               smblen - smb_doff + 4 > 0xFFFF)) {
+               numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
        }
 
        if (req->unread_bytes) {
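Review bot: In the new condition, `smblen - smb_doff + 4 > 0xFFFF` parses as `(smblen - smb_doff) + 4`, while the guard on the line before it tests `smblen > smb_doff + 4`, which reads as if the intended quantity were `smblen - (smb_doff + 4)`. As written, the two halves disagree by 8 bytes about when the client-supplied high word in `smb_vwv9` is merged into `numtowrite`. If the guard is the intended form, the second half should be `smblen - (smb_doff + 4) > 0xFFFF`, and a one-line comment saying what the 4 accounts for would settle which reading is right. With the `& 1` mask and the `req->wct == 14` test removed, `numtowrite` can now carry a full 16-bit client-controlled high word, so the bounds checks that follow are the only constraint on it. The check inside the `req->unread_bytes` branch lies outside this hunk and should be confirmed to bound the widened value as well.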
@@ -3941,7 +3939,8 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
                        return;
                }
        } else {
-               if (smb_doff > smblen || smb_doff + numtowrite > smblen) {
+               if (smb_doff + 4 > smblen || smb_doff + 4 + numtowrite < 
numtowrite ||
+                               smb_doff + 4 + numtowrite > smblen) {
                        reply_doserror(req, ERRDOS, ERRbadmem);
                        END_PROFILE(SMBwriteX);
                        return;
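Review bot: The rewritten bounds test repeats `smb_doff + 4` three times with no comment on what the 4 represents or why the middle clause is there, which makes a security-relevant length check hard to audit. The middle clause `smb_doff + 4 + numtowrite < numtowrite` is a wrap-around guard whose effect depends on the type the sum is evaluated in, and the declaration of `numtowrite` is outside the hunk. I would put a comment above the `if`, for example `/* Reject a data offset or length that runs past the received packet, including arithmetic wrap-around. */`. Naming the offset once, as in `unsigned int data_end_base = smb_doff + 4;`, would let the three clauses read as one range check. The function body starts and ends outside this hunk.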
@@ -4032,8 +4031,7 @@ void reply_write_and_X(connection_struct *conn, struct 
smb_request *req)
 
        reply_outbuf(req, 6, 0);
        SSVAL(req->outbuf,smb_vwv2,nwritten);
-       if (large_writeX)
-               SSVAL(req->outbuf,smb_vwv4,(nwritten>>16)&1);
+       SSVAL(req->outbuf,smb_vwv4,nwritten>>16);
 
        if (nwritten < (ssize_t)numtowrite) {
                SCVAL(req->outbuf,smb_rcls,ERRHRD);


-- 
Samba Shared Repository
