diff options
author | Volker Lendecke <vl@samba.org> | 2008-08-10 17:53:35 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-08-10 18:24:33 +0200 |
commit | 1a7b6fe34d6d7d29256fe3b5432593fa07d74838 (patch) | |
tree | 283448433714ec4252cd5259b60492812dfc9b09 /source3/smbd | |
parent | 12b6c1f57db772679cfb4b640a3f3dba259c9c72 (diff) | |
download | samba-1a7b6fe34d6d7d29256fe3b5432593fa07d74838.tar.gz samba-1a7b6fe34d6d7d29256fe3b5432593fa07d74838.tar.bz2 samba-1a7b6fe34d6d7d29256fe3b5432593fa07d74838.zip |
fix smb_len calculation for chained requests
I think chain_reply() is one of the most tricky parts of Samba. This recursion
needs to go away, we need to sequentially walk the chain list.
(This used to be commit af2b01d85188d2301580643f7e862e3e3988aadc)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/process.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index a1d2d88b3d..332a2e4da3 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1653,6 +1653,7 @@ void chain_reply(struct smb_request *req) char *outbuf = (char *)req->outbuf; size_t outsize = smb_len(outbuf) + 4; size_t outsize_padded; + size_t padding; size_t ofs, to_move; struct smb_request *req2; @@ -1691,6 +1692,7 @@ void chain_reply(struct smb_request *req) */ outsize_padded = (outsize + 3) & ~3; + padding = outsize_padded - outsize; /* * remember how much the caller added to the chain, only counting @@ -1804,17 +1806,17 @@ void chain_reply(struct smb_request *req) SCVAL(outbuf, smb_vwv0, smb_com2); SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4); - if (outsize_padded > outsize) { + if (padding != 0) { /* * Due to padding we have some uninitialized bytes after the * caller's output */ - memset(outbuf + outsize, 0, outsize_padded - outsize); + memset(outbuf + outsize, 0, padding); } - smb_setlen(outbuf, outsize2 + chain_size - 4); + smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4); /* * restore the saved data, being careful not to overwrite any data |