diff options
author | Stefan Metzmacher <metze@samba.org> | 2009-03-18 08:46:38 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2009-03-19 13:57:21 +0100 |
commit | 88dd6af605dc5754b7e146a068272d37651da710 (patch) | |
tree | 2cb580585476e72214f57656259501a41be53e68 /source3/libsmb | |
parent | 880fbc4e8cd67de73c4bcda94489eb1e1422a04b (diff) | |
download | samba-88dd6af605dc5754b7e146a068272d37651da710.tar.gz samba-88dd6af605dc5754b7e146a068272d37651da710.tar.bz2 samba-88dd6af605dc5754b7e146a068272d37651da710.zip |
s3:libsmb: always create bytes array in cli_trans code
Otherwise we return NO_MEMORY without a reason for fragmented trans
requests, as talloc_append_blob() returns buf if we append a 0 length
blob. When we pass buf = NULL we'll get back NULL and then assume
NO_MEMORY...
metze
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/clitrans.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index f5794ea04e..0266c0307e 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -731,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, uint16_t this_data = 0; uint32_t useable_space; uint8_t cmd; + uint8_t pad[3]; frame = talloc_stackframe(); @@ -743,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset = smb_size - 4; + bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */ + if (bytes == NULL) { + goto fail; + } + switch (cmd) { case SMBtrans: - bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */ + pad[0] = 0; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 1)); if (bytes == NULL) { goto fail; } @@ -759,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset += talloc_get_size(bytes); break; case SMBtrans2: - bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */ + pad[0] = 0; + pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ + pad[2] = ' '; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 3)); if (bytes == NULL) { goto fail; } - bytes[0] = 0; - bytes[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ - bytes[2] = ' '; wct = 14 + state->num_setup; param_offset += talloc_get_size(bytes); break; |