summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-11-07 20:38:05 +0100
committerVolker Lendecke <vl@samba.org>2008-11-08 10:42:29 +0100
commit8315677ca3ca9eed62fe6e24bac333b9b5dc763b (patch)
tree30e4ffbeaf08b1b0290c18c37caf9f993abbd45b /source3/smbd
parent7a35506bb87fd784a4a7a5b81c2d2ab5c32b233b (diff)
downloadsamba-8315677ca3ca9eed62fe6e24bac333b9b5dc763b.tar.gz
samba-8315677ca3ca9eed62fe6e24bac333b9b5dc763b.tar.bz2
samba-8315677ca3ca9eed62fe6e24bac333b9b5dc763b.zip
Do not write into inbuf for the transs request
Instead, fix up the outbuf in send_xx_reply. In those routines, we know what we are returning.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/blocking.c1
-rw-r--r--source3/smbd/ipc.c18
-rw-r--r--source3/smbd/nttrans.c11
-rw-r--r--source3/smbd/trans2.c12
4 files changed, 23 insertions, 19 deletions
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 87ae3ca272..2237a89ace 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -505,7 +505,6 @@ static bool process_trans2(blocking_lock_record *blr)
/* We finally got the lock, return success. */
- SCVAL(blr->req->inbuf, smb_com, SMBtrans2);
SSVAL(params,0,0);
/* Fake up max_data_bytes here - we know it fits. */
send_trans2_replies(blr->fsp->conn, blr->req, params, 2, NULL, 0, 0xffff);
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index c7a44270f5..26a4212ec9 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -105,6 +105,12 @@ void send_trans_reply(connection_struct *conn,
reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
+ /*
+ * We might have SMBtranss in req which was transferred to the outbuf,
+ * fix that.
+ */
+ SCVAL(req->outbuf, smb_com, SMBtrans);
+
copy_trans_params_and_data((char *)req->outbuf, align,
rparam, tot_param_sent, this_lparam,
rdata, tot_data_sent, this_ldata);
@@ -155,6 +161,12 @@ void send_trans_reply(connection_struct *conn,
reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
+ /*
+ * We might have SMBtranss in req which was transferred to the
+ * outbuf, fix that.
+ */
+ SCVAL(req->outbuf, smb_com, SMBtrans);
+
copy_trans_params_and_data((char *)req->outbuf, align,
rparam, tot_param_sent, this_lparam,
rdata, tot_data_sent, this_ldata);
@@ -774,12 +786,6 @@ void reply_transs(struct smb_request *req)
return;
}
- /*
- * construct_reply_common will copy smb_com from inbuf to
- * outbuf. SMBtranss is wrong here.
- */
- SCVAL(req->inbuf,smb_com,SMBtrans);
-
handle_trans(conn, req, state);
DLIST_REMOVE(conn->pending_trans, state);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index c7a8bf7650..1a13d962f0 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -120,6 +120,11 @@ void send_nt_replies(connection_struct *conn,
+ data_alignment_offset);
/*
+ * We might have had SMBnttranss in req->inbuf, fix that.
+ */
+ SCVAL(req->outbuf, smb_com, SMBnttrans);
+
+ /*
* Set total params and data to be sent.
*/
@@ -2829,12 +2834,6 @@ void reply_nttranss(struct smb_request *req)
return;
}
- /*
- * construct_reply_common will copy smb_com from inbuf to
- * outbuf. SMBnttranss is wrong here.
- */
- SCVAL(req->inbuf,smb_com,SMBnttrans);
-
handle_nttrans(conn, state, req);
DLIST_REMOVE(conn->pending_trans, state);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index d0e3a68e8a..c385c6ccb1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -768,6 +768,12 @@ void send_trans2_replies(connection_struct *conn,
reply_outbuf(req, 10, total_sent_thistime + alignment_offset
+ data_alignment_offset);
+ /*
+ * We might have SMBtrans2s in req which was transferred to
+ * the outbuf, fix that.
+ */
+ SCVAL(req->outbuf, smb_com, SMBtrans2);
+
/* Set total params and data to be sent */
SSVAL(req->outbuf,smb_tprcnt,paramsize);
SSVAL(req->outbuf,smb_tdrcnt,datasize);
@@ -7822,12 +7828,6 @@ void reply_transs2(struct smb_request *req)
return;
}
- /*
- * construct_reply_common will copy smb_com from inbuf to
- * outbuf. SMBtranss2 is wrong here.
- */
- SCVAL(req->inbuf,smb_com,SMBtrans2);
-
handle_trans2(conn, req, state);
DLIST_REMOVE(conn->pending_trans, state);