diff options
author | Luke Leighton <lkcl@samba.org> | 1998-10-20 18:27:49 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-10-20 18:27:49 +0000 |
commit | 1ebeb54932de01323356e8201d465656b8723d46 (patch) | |
tree | da41300fe2d31576f3efc0041739626b618fbb66 /source3/rpc_server/srv_pipe_hnd.c | |
parent | 476d0fd23682452d0d9f56ff2e166243d74cfdbc (diff) | |
download | samba-1ebeb54932de01323356e8201d465656b8723d46.tar.gz samba-1ebeb54932de01323356e8201d465656b8723d46.tar.bz2 samba-1ebeb54932de01323356e8201d465656b8723d46.zip |
some quite important bug-fixes i missed because i transferred the wrong
smb.tgz file from my portable.
particularly the call to mem_data followed by a realloc of that data in
cli_pipe.c's rpc_read() function.
smbd responses now use p->rdata_i which is a faked-up pointer into
p->rdata's response data. rdata can be very long; rdata_i is limited
to point to no more than max_tsize - 0x18 in length. this will make
it an almost trivial task to add the encrypted rpc headers after
rdata_i, and mem_buf_copy will cope admirably with rhdr chained to
rdata_i chained to auth_verifier etc etc...
(This used to be commit 05a297e3a98c14360782af4ad0d851638fb5da9a)
Diffstat (limited to 'source3/rpc_server/srv_pipe_hnd.c')
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index d5c99b89c4..54ecbf707e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -3,8 +3,8 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -175,7 +175,7 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) dump_data(50, data, n); /* fake up a data buffer from the write_pipe data parameters */ - mem_create(&data_buf, data, n, 0, False); + mem_create(&data_buf, data, 0, n, 0, False); data_buf.offset.start = 0; data_buf.offset.end = n; @@ -196,7 +196,7 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) this function is called, the start of the data could possibly have been read by an SMBtrans (file_offset != 0). - calling create_rpc_request() here is a fudge. the data should already + calling create_rpc_reply() here is a fudge. the data should already have been prepared into arrays of headers + data stream sections. ****************************************************************************/ @@ -268,8 +268,6 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n) mem_buf_copy(data, p->rhdr.data, 0, 0x18); data += 0x18; - p->frag_len_left = p->hdr.frag_len; - p->next_frag_start += p->hdr.frag_len; p->hdr_offsets += 0x18; } } |