diff options
| author | Jeremy Allison <jra@samba.org> | 2002-12-03 08:02:41 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2002-12-03 08:02:41 +0000 |
| commit | 6a019636b980857cf896f250841de757644ba9dd (patch) | |
| tree | a55c969f53624d123c5743cd655588128356dfa5 /source3/smbd/reply.c | |
| parent | 1c8e1e04480c5c050a0112ac70f3e66fab80ebba (diff) | |
| download | samba-6a019636b980857cf896f250841de757644ba9dd.tar.gz samba-6a019636b980857cf896f250841de757644ba9dd.tar.bz2 samba-6a019636b980857cf896f250841de757644ba9dd.zip | |
Fixed nasty bug where file writes with start offsets in the range
0x80000000 -> 0xFFFFFFFF would fail as they were being cast
from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types).
The sign extension would cause the offset to be treated as negative.
Thanks to Herb for helping me track this one down (IRIX is good for large
file tests :-).
Jeremy.
PS. That horrid EXEXIST thing has broken configure.....
(This used to be commit 2d14c442bc601a277458b69f05a763aa2a1ab3b7)
Diffstat (limited to 'source3/smbd/reply.c')
| -rw-r--r-- | source3/smbd/reply.c | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 2c29ffdf51..f320bf8ff5 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1532,7 +1532,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s flush_write_cache(fsp, READRAW_FLUSH); - startpos = IVAL(inbuf,smb_vwv1); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1); if(CVAL(inbuf,smb_wct) == 10) { /* * This is a large offset (64 bit) read. @@ -1627,7 +1627,7 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length release_level_2_oplocks_on_change(fsp); numtoread = SVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv2); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); outsize = set_message(outbuf,5,3,True); numtoread = MIN(BUFFER_SIZE-outsize,numtoread); @@ -1696,7 +1696,7 @@ int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int CHECK_READ(fsp); numtoread = SVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv2); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); outsize = set_message(outbuf,5,3,True); numtoread = MIN(BUFFER_SIZE-outsize,numtoread); @@ -1822,7 +1822,7 @@ int send_file_readX(connection_struct *conn, char *inbuf,char *outbuf,int length int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize) { files_struct *fsp = file_fsp(inbuf,smb_vwv2); - SMB_OFF_T startpos = IVAL(inbuf,smb_vwv3); + SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3); ssize_t nread = -1; size_t smb_maxcnt = SVAL(inbuf,smb_vwv5); #if 0 @@ -1900,7 +1900,7 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size, CHECK_WRITE(fsp); tcount = IVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv3); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3); write_through = BITSETW(inbuf+smb_vwv7,0); /* We have to deal with slightly different formats depending @@ -2030,7 +2030,7 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, CHECK_WRITE(fsp); numtowrite = SVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv2); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); data = smb_buf(inbuf) + 3; if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, @@ -2097,7 +2097,7 @@ int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int d CHECK_WRITE(fsp); numtowrite = SVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv2); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); data = smb_buf(inbuf) + 3; if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) { @@ -2158,7 +2158,7 @@ int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int d int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize) { files_struct *fsp = file_fsp(inbuf,smb_vwv2); - SMB_OFF_T startpos = IVAL(inbuf,smb_vwv3); + SMB_OFF_T startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3); size_t numtowrite = SVAL(inbuf,smb_vwv10); BOOL write_through = BITSETW(inbuf+smb_vwv7,0); ssize_t nwritten = -1; @@ -2269,7 +2269,8 @@ int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int size, int flush_write_cache(fsp, SEEK_FLUSH); mode = SVAL(inbuf,smb_vwv1) & 3; - startpos = IVALS(inbuf,smb_vwv2); + /* NB. This doesn't use IVAL_TO_SMB_OFF_T as startpos can be signed in this case. */ + startpos = (SMB_OFF_T)IVALS(inbuf,smb_vwv2); switch (mode) { case 0: umode = SEEK_SET; break; @@ -2478,7 +2479,7 @@ int reply_writeclose(connection_struct *conn, CHECK_WRITE(fsp); numtowrite = SVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv2); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); mtime = make_unix_date3(inbuf+smb_vwv4); data = smb_buf(inbuf) + 1; @@ -4056,7 +4057,7 @@ int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length, CHECK_FSP(fsp,conn); CHECK_READ(fsp); - startpos = IVAL(inbuf,smb_vwv1); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv1); maxcount = SVAL(inbuf,smb_vwv3); data = smb_buf(outbuf); @@ -4184,7 +4185,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, CHECK_ERROR(fsp); tcount = SVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv3); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv3); write_through = BITSETW(inbuf+smb_vwv7,0); numtowrite = SVAL(inbuf,smb_vwv10); smb_doff = SVAL(inbuf,smb_vwv11); @@ -4284,7 +4285,7 @@ int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz CHECK_WRITE(fsp); tcount = SVAL(inbuf,smb_vwv1); - startpos = IVAL(inbuf,smb_vwv2); + startpos = IVAL_TO_SMB_OFF_T(inbuf,smb_vwv2); numtowrite = SVAL(inbuf,smb_vwv6); smb_doff = SVAL(inbuf,smb_vwv7); |