diff options
author | Stefan Metzmacher <metze@samba.org> | 2006-06-29 23:11:07 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:09:39 -0500 |
commit | bd0dcebe36ea926e2ad9a32a6eb103a88325c930 (patch) | |
tree | 1a0f6ee858fc1a366cb1d93f2c7de005a1c35c16 /source4/smb_server/smb2 | |
parent | d63dd113ae2c7f4f6d64def00a488548e805bc7e (diff) | |
download | samba-bd0dcebe36ea926e2ad9a32a6eb103a88325c930.tar.gz samba-bd0dcebe36ea926e2ad9a32a6eb103a88325c930.tar.bz2 samba-bd0dcebe36ea926e2ad9a32a6eb103a88325c930.zip |
r16705: fix a bug found by valgrind...
as we setup the 1 padding byte for non present dynamic part,
we need to overwrite it when we're getting a real dynamic part,
so we need to remove the buf->size +=1 when we do the first
push to the dynamic part (when buf->dynamic is still but->body + buf->body_fixed)
metze
(This used to be commit f309209629ad1b63a76fc06163a3eeb07dce4c86)
Diffstat (limited to 'source4/smb_server/smb2')
-rw-r--r-- | source4/smb_server/smb2/receive.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index ac1f691f8a..8ac90b89f9 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -60,6 +60,7 @@ NTSTATUS smb2srv_setup_reply(struct smb2srv_request *req, uint16_t body_fixed_si req->out.hdr = req->out.buffer + NBT_HDR_SIZE; req->out.body = req->out.hdr + SMB2_HDR_BODY; + req->out.body_fixed = body_fixed_size; req->out.body_size = body_fixed_size; req->out.dynamic = (body_dynamic_size ? req->out.body + body_fixed_size : NULL); @@ -294,10 +295,11 @@ NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob) req->in.dynamic = NULL; buffer_code = SVAL(req->in.body, 0); - dynamic_size = req->in.body_size - (buffer_code & ~1); + req->in.body_fixed = (buffer_code & ~1); + dynamic_size = req->in.body_size - req->in.body_fixed; if (dynamic_size != 0 && (buffer_code & 1)) { - req->in.dynamic = req->in.body + (buffer_code & ~1); + req->in.dynamic = req->in.body + req->in.body_fixed; if (smb2_oob(&req->in, req->in.dynamic, dynamic_size)) { DEBUG(1,("SMB2 request invalid dynamic size 0x%x\n", dynamic_size)); |