diff options
author | Volker Lendecke <vl@samba.org> | 2008-11-07 20:38:05 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-11-08 10:42:29 +0100 |
commit | 8315677ca3ca9eed62fe6e24bac333b9b5dc763b (patch) | |
tree | 30e4ffbeaf08b1b0290c18c37caf9f993abbd45b /source3/smbd | |
parent | 7a35506bb87fd784a4a7a5b81c2d2ab5c32b233b (diff) | |
download | samba-8315677ca3ca9eed62fe6e24bac333b9b5dc763b.tar.gz samba-8315677ca3ca9eed62fe6e24bac333b9b5dc763b.tar.bz2 samba-8315677ca3ca9eed62fe6e24bac333b9b5dc763b.zip |
Do not write into inbuf for the transs request
Instead, fix up the outbuf in send_xx_reply. In those routines, we know
what we are returning.
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/blocking.c | 1 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 18 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 11 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 12 |
4 files changed, 23 insertions, 19 deletions
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 87ae3ca272..2237a89ace 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -505,7 +505,6 @@ static bool process_trans2(blocking_lock_record *blr) /* We finally got the lock, return success. */ - SCVAL(blr->req->inbuf, smb_com, SMBtrans2); SSVAL(params,0,0); /* Fake up max_data_bytes here - we know it fits. */ send_trans2_replies(blr->fsp->conn, blr->req, params, 2, NULL, 0, 0xffff); diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c7a44270f5..26a4212ec9 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -105,6 +105,12 @@ void send_trans_reply(connection_struct *conn, reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); + /* + * We might have SMBtranss in req which was transferred to the outbuf, + * fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans); + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); @@ -155,6 +161,12 @@ void send_trans_reply(connection_struct *conn, reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); + /* + * We might have SMBtranss in req which was transferred to the + * outbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans); + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); @@ -774,12 +786,6 @@ void reply_transs(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBtranss is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBtrans); - handle_trans(conn, req, state); DLIST_REMOVE(conn->pending_trans, state); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index c7a8bf7650..1a13d962f0 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -120,6 +120,11 @@ void send_nt_replies(connection_struct *conn, + data_alignment_offset); /* + * We might have had SMBnttranss in req->inbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBnttrans); + + /* * Set total params and data to be sent. */ @@ -2829,12 +2834,6 @@ void reply_nttranss(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBnttranss is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBnttrans); - handle_nttrans(conn, state, req); DLIST_REMOVE(conn->pending_trans, state); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index d0e3a68e8a..c385c6ccb1 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -768,6 +768,12 @@ void send_trans2_replies(connection_struct *conn, reply_outbuf(req, 10, total_sent_thistime + alignment_offset + data_alignment_offset); + /* + * We might have SMBtrans2s in req which was transferred to + * the outbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans2); + /* Set total params and data to be sent */ SSVAL(req->outbuf,smb_tprcnt,paramsize); SSVAL(req->outbuf,smb_tdrcnt,datasize); @@ -7822,12 +7828,6 @@ void reply_transs2(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBtranss2 is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBtrans2); - handle_trans2(conn, req, state); DLIST_REMOVE(conn->pending_trans, state); |