author | Volker Lendecke <vl@samba.org> | 2008-08-10 17:53:35 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-08-10 18:24:33 +0200 |
commit | 1a7b6fe34d6d7d29256fe3b5432593fa07d74838 (patch) | |
tree | 283448433714ec4252cd5259b60492812dfc9b09 | |
parent | 12b6c1f57db772679cfb4b640a3f3dba259c9c72 (diff) | |
fix smb_len calculation for chained requests
I think chain_reply() is one of the most tricky parts of Samba. This recursion
needs to go away, we need to sequentially walk the chain list.
(This used to be commit af2b01d85188d2301580643f7e862e3e3988aadc)
-rw-r--r-- | source3/smbd/process.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index a1d2d88b3d..332a2e4da3 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1653,6 +1653,7 @@ void chain_reply(struct smb_request *req)
 char *outbuf = (char *)req->outbuf;
 size_t outsize = smb_len(outbuf) + 4;
 size_t outsize_padded;
+ size_t padding;
 size_t ofs, to_move;
 struct smb_request *req2;
@@ -1691,6 +1692,7 @@ void chain_reply(struct smb_request *req)
 */
 outsize_padded = (outsize + 3) & ~3;
+ padding = outsize_padded - outsize;
 /*
 * remember how much the caller added to the chain, only counting
@@ -1804,17 +1806,17 @@ void chain_reply(struct smb_request *req)
 SCVAL(outbuf, smb_vwv0, smb_com2);
 SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
- if (outsize_padded > outsize) {
+ if (padding != 0) {
 /*
 * Due to padding we have some uninitialized bytes after the
 * caller's output
 */
- memset(outbuf + outsize, 0, outsize_padded - outsize);
+ memset(outbuf + outsize, 0, padding);
 }
- smb_setlen(outbuf, outsize2 + chain_size - 4);
+ smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4);
 /*
 * restore the saved data, being careful not to overwrite any data |
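Review bot: The new length in the third hunk, `smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4)`, carries no comment explaining why it now differs from the `chain_size` still used by `SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4)` two lines above, and nothing visible checks the sum against the size of the buffer behind `outbuf`. This value becomes the on-wire length of a reply assembled from a client-supplied chain, so I would document the invariant at the call, for example `/* total = outsize2 + caller's bytes + alignment padding, excluding the 4-byte length prefix */`. Similarly, `memset(outbuf + outsize, 0, padding)` writes up to three bytes past `outsize`; the allocation is outside these hunks, so it is worth confirming (or asserting) that the buffer always has room for `outsize_padded`. The body of `chain_reply()` starts and ends outside the hunks shown, so `outsize2` and `caller_outputlen` could not be checked here.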