diff options
author | Volker Lendecke <vl@samba.org> | 2012-02-29 23:44:36 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2012-03-10 15:34:12 +0100 |
commit | 12068d4aaca0579b58bbb121df4d1e947f8ea032 (patch) | |
tree | 7565281110bfba99f1dc83f1de3ce4b83295eca0 /source3 | |
parent | 11d087aa04f436147e7a9dd1748a43bde24de8e3 (diff) | |
download | samba-12068d4aaca0579b58bbb121df4d1e947f8ea032.tar.gz samba-12068d4aaca0579b58bbb121df4d1e947f8ea032.tar.bz2 samba-12068d4aaca0579b58bbb121df4d1e947f8ea032.zip |
s3: Fix the read&x offset within a chain
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/process.c | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 8fb45123ad..c163212bc0 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1978,6 +1978,38 @@ static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf) */ memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct); + + /* + * HACK ALERT + * + * Read&X has an offset into its data buffer at + * vwv[6]. reply_read_andx has no idea anymore that it's + * running from within a chain, so we have to fix up the + * offset here. + * + * Although it looks disgusting at this place, I want to keep + * it here. The alternative would be to push knowledge about + * the andx chain down into read&x again. + */ + + if (smb_command == SMBreadX) { + uint8_t *bytes_addr; + + if (wct < 7) { + /* + * Invalid read&x response + */ + return false; + } + + bytes_addr = outbuf + ofs /* vwv start */ + + sizeof(uint16_t) * wct /* vwv array */ + + sizeof(uint16_t); /* bcc */ + + SSVAL(outbuf + ofs, 6 * sizeof(uint16_t), + bytes_addr - outbuf - 4); + } + ofs += sizeof(uint16_t) * wct; /* |