-rw-r--r--source3/lib/util.c20
-rw-r--r--source3/libsmb/smb_seal.c7
-rw-r--r--source3/smbd/aio.c16
-rw-r--r--source3/smbd/blocking.c12
-rw-r--r--source3/smbd/process.c7
-rw-r--r--source3/smbd/reply.c8
6 files changed, 45 insertions, 25 deletions
diff --git a/source3/lib/util.c b/source3/lib/util.c
index b1db36c250..bb92466a05 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -533,14 +533,20 @@ void smb_set_enclen(char *buf,int len,uint16 enc_ctx_num)
Set the length and marker of an smb packet.
********************************************************************/
-void smb_setlen(char *buf,int len)
+void smb_setlen(char *buf,int len,const char *frombuf)
{
_smb_setlen(buf,len);
- SCVAL(buf,4,0xFF);
- SCVAL(buf,5,'S');
- SCVAL(buf,6,'M');
- SCVAL(buf,7,'B');
+ if (frombuf) {
+ if (buf != frombuf) {
+ memcpy(buf+4, frombuf+4, 4);
+ }
+ } else {
+ SCVAL(buf,4,0xFF);
+ SCVAL(buf,5,'S');
+ SCVAL(buf,6,'M');
+ SCVAL(buf,7,'B');
+ }
}
/*******************************************************************
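Review bot: The header comment above smb_setlen still says only "Set the length and marker" and does not describe the new `frombuf` argument, although the function now reads `frombuf+4` through `frombuf+7` whenever the pointer is non-NULL and differs from `buf`. I would add to the comment block: `If frombuf is non-NULL it must point to at least 8 readable bytes; bytes 4-7 are copied verbatim as the marker. Pass NULL for a plain 0xFF 'S' 'M' 'B' header.` Because those four bytes are taken from the caller's buffer without any check, each call site should pass a buffer whose offset 4 really holds a framing marker.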
@@ -554,7 +560,7 @@ int set_message(char *buf,int num_words,int num_bytes,BOOL zero)
}
SCVAL(buf,smb_wct,num_words);
SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
- smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+ smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4, NULL);
return (smb_size + num_words*2 + num_bytes);
}
@@ -566,7 +572,7 @@ int set_message_bcc(char *buf,int num_bytes)
{
int num_words = CVAL(buf,smb_wct);
SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
- smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+ smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4, NULL);
return (smb_size + num_words*2 + num_bytes);
}
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 19092bd8c8..2e3e2f4ce3 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -93,10 +93,11 @@ NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
}
memcpy(buf + 8, inbuf + 8 + NTLMSSP_SIG_SIZE, data_len);
- SAFE_FREE(inbuf);
/* Reset the length. */
- smb_setlen(buf, data_len + 4);
+ smb_setlen(buf, data_len + 4, inbuf);
+
+ SAFE_FREE(inbuf);
return NT_STATUS_OK;
}
@@ -203,7 +204,7 @@ static NTSTATUS common_gss_decrypt_buffer(struct smb_tran_enc_state_gss *gss_sta
}
memcpy(buf + 8, out_buf.value, out_buf.length);
- smb_setlen(buf, out_buf.length + 4);
+ smb_setlen(buf, out_buf.length + 4, out_buf.value);
gss_release_buffer(&minor, &out_buf);
return NT_STATUS_OK;
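Review bot: In the GSS path the third argument is `out_buf.value`, which the preceding `memcpy(buf + 8, out_buf.value, out_buf.length)` treats as the unwrapped payload that lands at offset 8, not as a framed packet. smb_setlen would then copy payload bytes 4-7 over the marker at `buf+4`, and would read past the unwrapped data when `out_buf.length` is below 8, a length that appears to come from the peer's message. If the intent is to keep the marker already in `buf`, `smb_setlen(buf, out_buf.length + 4, buf);` does that, since the `buf != frombuf` test skips the copy. The function body starts and ends outside this hunk, so an earlier length check may exist that I cannot see.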
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index a85cf901ae..6b403e1e36 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -49,8 +49,10 @@ static struct aio_extra *aio_list_head;
of the aio_read call.
*****************************************************************************/
-static struct aio_extra *create_aio_ex_read(files_struct *fsp, size_t buflen,
- uint16 mid)
+static struct aio_extra *create_aio_ex_read(files_struct *fsp,
+ size_t buflen,
+ uint16 mid,
+ const char *inbuf)
{
struct aio_extra *aio_ex = SMB_MALLOC_P(struct aio_extra);
@@ -66,6 +68,14 @@ static struct aio_extra *create_aio_ex_read(files_struct *fsp, size_t buflen,
SAFE_FREE(aio_ex);
return NULL;
}
+ /* Save the first 8 bytes of inbuf for possible enc data. */
+ aio_ex->inbuf = SMB_MALLOC_ARRAY(char, 8);
+ if (!aio_ex->inbuf) {
+ SAFE_FREE(aio_ex->outbuf);
+ SAFE_FREE(aio_ex);
+ return NULL;
+ }
+ memcpy(aio_ex->inbuf, inbuf, 8);
DLIST_ADD(aio_list_head, aio_ex);
aio_ex->fsp = fsp;
aio_ex->read_req = True;
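Review bot: The saved header copy uses a bare `8` twice (`SMB_MALLOC_ARRAY(char, 8)` and `memcpy(aio_ex->inbuf, inbuf, 8)`), and `inbuf` is dereferenced without a NULL check. A named constant for the size would keep the two in step, and the comment could state that on the read path `aio_ex->inbuf` is only 8 bytes long, so nothing may index it like a full request. The release of this allocation is not visible in the hunk, so it is worth confirming that the code which tears down `aio_ex` frees `inbuf` for read requests too. The function begins in the previous hunk and continues past this one.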
@@ -408,7 +418,7 @@ static int handle_aio_read_complete(struct aio_extra *aio_ex)
aio_ex->acb.aio_nbytes, (int)nread ) );
}
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,aio_ex->inbuf);
show_msg(outbuf);
if (!send_smb(smbd_server_fd(),outbuf)) {
exit_server_cleanly("handle_aio_read_complete: send_smb "
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 101f16bb9d..58953bac11 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -237,13 +237,15 @@ BOOL push_blocking_lock_request( struct byte_range_lock *br_lck,
Return a smd with a given size.
*****************************************************************************/
-static void send_blocking_reply(char *outbuf, int outsize)
+static void send_blocking_reply(char *outbuf, int outsize, const char *inbuf)
{
- if(outsize > 4)
- smb_setlen(outbuf,outsize - 4);
+ if(outsize > 4) {
+ smb_setlen(outbuf,outsize - 4, inbuf);
+ }
- if (!send_smb(smbd_server_fd(),outbuf))
+ if (!send_smb(smbd_server_fd(),outbuf)) {
exit_server_cleanly("send_blocking_reply: send_smb failed.");
+ }
}
/****************************************************************************
@@ -272,7 +274,7 @@ static void reply_lockingX_success(blocking_lock_record *blr)
outsize += chain_size;
- send_blocking_reply(outbuf,outsize);
+ send_blocking_reply(outbuf,outsize,inbuf);
}
/****************************************************************************
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 6f3ad9884c..c6bcfb7394 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1039,8 +1039,9 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
outsize += chain_size;
- if(outsize > 4)
- smb_setlen(outbuf,outsize - 4);
+ if(outsize > 4) {
+ smb_setlen(outbuf,outsize - 4, inbuf);
+ }
return(outsize);
}
@@ -1219,7 +1220,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
}
/* And set it in the header. */
- smb_setlen(inbuf2, new_size);
+ smb_setlen(inbuf2, new_size, inbuf);
/* create the out buffer */
construct_reply_common(inbuf2, outbuf2);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 3d0f8a3ca8..1b6f861cb8 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -303,7 +303,7 @@ int reply_special(char *inbuf,char *outbuf)
memset(outbuf,'\0',smb_size);
- smb_setlen(outbuf,0);
+ smb_setlen(outbuf,0,inbuf);
switch (msg_type) {
case 0x81: /* session request */
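Review bot: `reply_special` handles session-service messages (the `case 0x81: /* session request */` below), so `inbuf` here presumably carries no SMB marker at offset 4, and for a short message those bytes may be left over from an earlier packet. Passing it as `frombuf` makes smb_setlen copy whatever sits at `inbuf+4` into `outbuf+4`. With a length of 0 that is probably never sent, but it is still a read of data the peer did not necessarily supply in this message. `smb_setlen(outbuf,0,NULL);` keeps the previous behaviour for this path. The function continues outside the hunk.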
@@ -1182,7 +1182,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
outsize += DIR_STRUCT_SIZE*numentries;
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,inbuf);
if ((! *directory) && dptr_path(dptr_num))
slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
@@ -3538,7 +3538,7 @@ int reply_echo(connection_struct *conn,
for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
SSVAL(outbuf,smb_vwv0,seq_num);
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,inbuf);
show_msg(outbuf);
if (!send_smb(smbd_server_fd(),outbuf))
@@ -5846,7 +5846,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
if (write_through && tcount==nwritten) {
/* We need to send both a primary and a secondary response */
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,inbuf);
show_msg(outbuf);
if (!send_smb(smbd_server_fd(),outbuf))
exit_server_cleanly("reply_writebmpx: send_smb failed.");