summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2009-03-18 08:46:38 +0100
committerStefan Metzmacher <metze@samba.org>2009-03-19 13:57:21 +0100
commit88dd6af605dc5754b7e146a068272d37651da710 (patch)
tree2cb580585476e72214f57656259501a41be53e68 /source3/libsmb
parent880fbc4e8cd67de73c4bcda94489eb1e1422a04b (diff)
downloadsamba-88dd6af605dc5754b7e146a068272d37651da710.tar.gz
samba-88dd6af605dc5754b7e146a068272d37651da710.tar.bz2
samba-88dd6af605dc5754b7e146a068272d37651da710.zip
s3:libsmb: always create bytes array in cli_trans code
Otherwise we return NO_MEMORY without a reason for fragmented trans requests, as talloc_append_blob() returns buf if we append a 0 length blob. When we pass buf = NULL we'll get back NULL and then assume NO_MEMORY... metze
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clitrans.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index f5794ea04e..0266c0307e 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -731,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx,
uint16_t this_data = 0;
uint32_t useable_space;
uint8_t cmd;
+ uint8_t pad[3];
frame = talloc_stackframe();
@@ -743,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx,
param_offset = smb_size - 4;
+ bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */
+ if (bytes == NULL) {
+ goto fail;
+ }
+
switch (cmd) {
case SMBtrans:
- bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */
+ pad[0] = 0;
+ bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes,
+ data_blob_const(pad, 1));
if (bytes == NULL) {
goto fail;
}
@@ -759,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx,
param_offset += talloc_get_size(bytes);
break;
case SMBtrans2:
- bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */
+ pad[0] = 0;
+ pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */
+ pad[2] = ' ';
+ bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes,
+ data_blob_const(pad, 3));
if (bytes == NULL) {
goto fail;
}
- bytes[0] = 0;
- bytes[1] = 'D'; /* Copy this from "old" 3.0 behaviour */
- bytes[2] = ' ';
wct = 14 + state->num_setup;
param_offset += talloc_get_size(bytes);
break;