summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-11-02 10:35:10 -0700
committerJeremy Allison <jra@samba.org>2007-11-02 10:35:10 -0700
commit414ab2ce46dd62d0119f03eca93783bc489af896 (patch)
tree2d2265a66537816c2745f1857751af020f2d5f4e
parente075b3692bb2c9507231f0662010fc55c1b506c4 (diff)
downloadsamba-414ab2ce46dd62d0119f03eca93783bc489af896.tar.gz
samba-414ab2ce46dd62d0119f03eca93783bc489af896.tar.bz2
samba-414ab2ce46dd62d0119f03eca93783bc489af896.zip
Argggh. smblen doesn't include the +4, so my smb_doff calculations
shouldn't either :-). Jeremy. (This used to be commit c3de44b6b063e126095b30536fdcb643c70e395e)
-rw-r--r--source3/smbd/reply.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index de0e852e2a..84c1892560 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3927,8 +3927,8 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req)
smblen = smb_len(req->inbuf);
if (req->unread_bytes > 0xFFFF ||
- (smblen > smb_doff + 4 &&
- smblen - smb_doff + 4 > 0xFFFF)) {
+ (smblen > smb_doff &&
+ smblen - smb_doff > 0xFFFF)) {
numtowrite |= (((size_t)SVAL(req->inbuf,smb_vwv9))<<16);
}
@@ -3939,8 +3939,8 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req)
return;
}
} else {
- if (smb_doff + 4 > smblen || smb_doff + 4 + numtowrite < numtowrite ||
- smb_doff + 4 + numtowrite > smblen) {
+ if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
+ smb_doff + numtowrite > smblen) {
reply_doserror(req, ERRDOS, ERRbadmem);
END_PROFILE(SMBwriteX);
return;