summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-28 23:28:02 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:41 -0500
commit0a1342f51ee11d1030a4932ee43feec821aa93bf (patch)
treeac4b4a52febd89fa47b980b99cc6a715a22df1fa
parentba4a5632225e588c082914270b46283139562bdc (diff)
downloadsamba-0a1342f51ee11d1030a4932ee43feec821aa93bf.tar.gz
samba-0a1342f51ee11d1030a4932ee43feec821aa93bf.tar.bz2
samba-0a1342f51ee11d1030a4932ee43feec821aa93bf.zip
r4383: in order to cope with overfilled buffers on trans2 findfirst we need to use 32 bit offsets and lengths
in trans2 fill code, even though the packets themselves can only use 16 bit lengths. This prevents the overflow detection code from failing due to 16 bit length wrap. (This used to be commit 5cd74c22e99bc78e1f3ddf3f098790c4b4b87b4f)
-rw-r--r--source4/smb_server/trans2.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/source4/smb_server/trans2.c b/source4/smb_server/trans2.c
index 2f2629a3ea..8aa60daa6d 100644
--- a/source4/smb_server/trans2.c
+++ b/source4/smb_server/trans2.c
@@ -119,8 +119,8 @@ static size_t trans2_pull_blob_string(struct smbsrv_request *req,
*/
static size_t trans2_push_data_string(struct smbsrv_request *req,
struct smb_trans2 *trans,
- uint16_t len_offset,
- uint16_t offset,
+ uint32_t len_offset,
+ uint32_t offset,
const WIRE_STRING *str,
int dest_len,
int flags)
@@ -193,7 +193,7 @@ static void trans2_append_data_string(struct smbsrv_request *req,
int flags)
{
size_t ret;
- uint16_t offset;
+ uint32_t offset;
const int max_bytes_per_char = 3;
offset = trans->out.data.length;
@@ -718,7 +718,7 @@ static NTSTATUS trans2_fileinfo_fill(struct smbsrv_request *req, struct smb_tran
SSVAL(trans->out.params.data, 0, 0);
for (i=0;i<st->stream_info.out.num_streams;i++) {
- uint16_t data_size = trans->out.data.length;
+ uint32_t data_size = trans->out.data.length;
uint8_t *data;
trans2_grow_data(req, trans, data_size + 24);
@@ -1277,7 +1277,8 @@ static NTSTATUS trans2_findfirst(struct smbsrv_request *req, struct smb_trans2 *
}
}
- /* setup the private state structure that the backend will give us in the callback */
+ /* setup the private state structure that the backend will
+ give us in the callback */
state.req = req;
state.trans = trans;
state.level = search.t2ffirst.level;