Fixed sys_lseek and seek_file calls so all returns

are *checked* :-).
Jeremy.
(This used to be commit b8b781191dd7d28944d87eec5fa0fbef798e289b)

4 files changed, 70 insertions, 19 deletions

diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 0170fa5497..af74e40f6a 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -166,7 +166,11 @@ BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOO
 		}
 		
 		if (Clear && crec.pid && !process_exists(crec.pid)) {
-			sys_lseek(fd,i*sizeof(crec),SEEK_SET);
+			if(sys_lseek(fd,i*sizeof(crec),SEEK_SET) != i*sizeof(crec)) {
+              DEBUG(0,("claim_connection: ERROR: sys_lseek failed to seek \
+to %d\n", i*sizeof(crec) ));
+              continue;
+            }
 			bzero((void *)&crec,sizeof(crec));
 			write(fd, &crec,sizeof(crec));
 			if (foundi < 0) foundi = i;
diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
index ebc4544a76..c7ffb6412d 100644
--- a/source3/smbd/fileio.c
+++ b/source3/smbd/fileio.c
@@ -31,11 +31,20 @@ seek a file. Try to avoid the seek if possible
 SMB_OFF_T seek_file(files_struct *fsp,SMB_OFF_T pos)
 {
   SMB_OFF_T offset = 0;
+  SMB_OFF_T seek_ret;
 
   if (fsp->print_file && lp_postscript(fsp->conn->service))
     offset = 3;
 
-  fsp->pos = (sys_lseek(fsp->fd_ptr->fd,pos+offset,SEEK_SET) - offset);
+  seek_ret = sys_lseek(fsp->fd_ptr->fd,pos+offset,SEEK_SET);
+
+  if((seek_ret == -1) || (seek_ret != pos+offset)) {
+    DEBUG(0,("seek_file: sys_lseek failed. Error was %s\n", strerror(errno) ));
+    fsp->pos = -1;
+    return -1;
+  }
+
+  fsp->pos = seek_ret - offset;
 
   DEBUG(10,("seek_file: requested pos = %.0f, new pos = %.0f\n",
         (double)(pos+offset), (double)fsp->pos ));
@@ -75,7 +84,7 @@ ssize_t read_file(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n)
   }
 #endif
 
-  if (seek_file(fsp,pos) != pos) {
+  if (seek_file(fsp,pos) == -1) {
     DEBUG(3,("read_file: Failed to seek to %.0f\n",(double)pos));
     return(ret);
   }
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index d801ce4a63..bcb408c2a6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1844,6 +1844,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
   
 #if UNSAFE_READRAW
   {
+    BOOL seek_fail = False;
     int predict=0;
     _smb_setlen(header,nread);
 
@@ -1852,11 +1853,18 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
       predict = read_predict(fsp->fd_ptr->fd,startpos,header+4,NULL,nread);
 #endif /* USE_READ_PREDICTION */
 
-    if ((nread-predict) > 0)
-      seek_file(fsp,startpos + predict);
-    
-    ret = (ssize_t)transfer_file(fsp->fd_ptr->fd,Client,(SMB_OFF_T)(nread-predict),header,4+predict,
-			startpos+predict);
+    if ((nread-predict) > 0) {
+      if(seek_file(fsp,startpos + predict) == -1) {
+        DEBUG(0,("reply_readbraw: ERROR: seek_file failed.\n"));
+        ret = 0;
+        seek_fail = True;
+      } 
+    }
+
+    if(!seek_fail)
+      ret = (ssize_t)transfer_file(fsp->fd_ptr->fd,Client,
+                                   (SMB_OFF_T)(nread-predict),header,4+predict, 
+                                   startpos+predict);
   }
 
   if (ret != nread+4)
@@ -2065,8 +2073,10 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int dum_s
   if (is_locked(fsp,conn,tcount,startpos, F_WRLCK))
     return(ERROR(ERRDOS,ERRlock));
 
-  if (seek_file(fsp,startpos) != startpos)
+  if (seek_file(fsp,startpos) == -1) {
     DEBUG(0,("couldn't seek to %.0f in writebraw\n",(double)startpos));
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
 
   if (numtowrite>0)
     nwritten = write_file(fsp,data,numtowrite);
@@ -2153,7 +2163,8 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, int dum
   if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
     return(ERROR(ERRDOS,ERRlock));
 
-  seek_file(fsp,startpos);
+  if(seek_file(fsp,startpos) == -1)
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
 
   /* The special X/Open SMB protocol handling of
      zero length writes is *NOT* done for
@@ -2205,7 +2216,8 @@ int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int dum_size,i
   if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
     return(ERROR(ERRDOS,ERRlock));
 
-  seek_file(fsp,startpos);
+  if(seek_file(fsp,startpos) == -1)
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
 
   /* X/Open SMB protocol says that if smb_vwv1 is
      zero then the file size should be extended or
@@ -2272,7 +2284,8 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng
   if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
     return(ERROR(ERRDOS,ERRlock));
 
-  seek_file(fsp,startpos);
+  if(seek_file(fsp,startpos) == -1)
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
   
   /* X/Open SMB protocol says that, unlike SMBwrite
      if the length is zero then NO truncation is
@@ -2331,7 +2344,9 @@ int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
       umode = SEEK_SET; break;
   }
 
-  res = sys_lseek(fsp->fd_ptr->fd,startpos,umode);
+  if((res = sys_lseek(fsp->fd_ptr->fd,startpos,umode)) == -1)
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
+
   fsp->pos = res;
   
   outsize = set_message(outbuf,2,0,True);
@@ -2469,7 +2484,8 @@ int reply_writeclose(connection_struct *conn,
 	if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
 		return(ERROR(ERRDOS,ERRlock));
       
-	seek_file(fsp,startpos);
+	if(seek_file(fsp,startpos) == -1)
+		return(UNIXERROR(ERRDOS,ERRnoaccess));
       
 	nwritten = write_file(fsp,data,numtowrite);
 
@@ -3312,7 +3328,7 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
 {
   int Access,action;
   SMB_STRUCT_STAT st;
-  int ret=0;
+  int ret=-1;
   files_struct *fsp1,*fsp2;
   pstring dest;
   
@@ -3357,7 +3373,15 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
   }
 
   if ((ofun&3) == 1) {
-    sys_lseek(fsp2->fd_ptr->fd,0,SEEK_END);
+    if(sys_lseek(fsp2->fd_ptr->fd,0,SEEK_END) == -1) {
+      DEBUG(0,("copy_file: error - sys_lseek returned error %s\n",
+               strerror(errno) ));
+      /*
+       * Stop the copy from occurring.
+       */
+      ret = -1;
+      st.st_size = 0;
+    }
   }
   
   if (st.st_size)
@@ -3807,7 +3831,9 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int dum_s
   if (is_locked(fsp,conn,tcount,startpos,F_WRLCK))
     return(ERROR(ERRDOS,ERRlock));
 
-  seek_file(fsp,startpos);
+  if(seek_file(fsp,startpos) == -1)
+    return(UNIXERROR(ERRDOS,ERRnoaccess));
+
   nwritten = write_file(fsp,data,numtowrite);
 
   if(lp_syncalways(SNUM(conn)) || write_through)
@@ -3909,7 +3935,18 @@ int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz
   if(wbms->wr_discard)
     return -1; /* Just discard the packet */
 
-  seek_file(fsp,startpos);
+  if(seek_file(fsp,startpos) == -1)
+  {
+    if(write_through)
+    {
+      /* We are returning an error - we can delete the aux struct */
+      if (wbms) free((char *)wbms);
+      fsp->wbmpx_ptr = NULL;
+      return(UNIXERROR(ERRDOS,ERRnoaccess));
+    }
+    return(CACHE_ERROR(wbms,ERRDOS,ERRnoaccess));
+  } 
+
   nwritten = write_file(fsp,data,numtowrite);
 
   if(lp_syncalways(SNUM(conn)) || write_through)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f9186115f5..62bfb612e5 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1253,7 +1253,8 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
       DEBUG(3,("fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno)));
       return(UNIXERROR(ERRDOS,ERRbadfid));
     }
-    pos = sys_lseek(fsp->fd_ptr->fd,0,SEEK_CUR);
+    if((pos = sys_lseek(fsp->fd_ptr->fd,0,SEEK_CUR)) == -1)
+      return(UNIXERROR(ERRDOS,ERRnoaccess));
   } else {
     /* qpathinfo */
     info_level = SVAL(params,0);