-rw-r--r-- | source3/lib/util.c | 20 | ||||
-rw-r--r-- | source3/libsmb/smb_seal.c | 7 | ||||
-rw-r--r-- | source3/smbd/aio.c | 16 | ||||
-rw-r--r-- | source3/smbd/blocking.c | 12 | ||||
-rw-r--r-- | source3/smbd/process.c | 7 | ||||
-rw-r--r-- | source3/smbd/reply.c | 8 |
6 files changed, 45 insertions, 25 deletions
diff --git a/source3/lib/util.c b/source3/lib/util.c
index b1db36c250..bb92466a05 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -533,14 +533,20 @@ void smb_set_enclen(char *buf,int len,uint16 enc_ctx_num)
 Set the length and marker of an smb packet.
 ********************************************************************/
-void smb_setlen(char *buf,int len)
+void smb_setlen(char *buf,int len,const char *frombuf)
 {
 _smb_setlen(buf,len);
- SCVAL(buf,4,0xFF);
- SCVAL(buf,5,'S');
- SCVAL(buf,6,'M');
- SCVAL(buf,7,'B');
+ if (frombuf) {
+ if (buf != frombuf) {
+ memcpy(buf+4, frombuf+4, 4);
+ }
+ } else {
+ SCVAL(buf,4,0xFF);
+ SCVAL(buf,5,'S');
+ SCVAL(buf,6,'M');
+ SCVAL(buf,7,'B');
+ }
 }
 /*******************************************************************
@@ -554,7 +560,7 @@ int set_message(char *buf,int num_words,int num_bytes,BOOL zero)
 }
 SCVAL(buf,smb_wct,num_words);
 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
- smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+ smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4, NULL);
 return (smb_size + num_words*2 + num_bytes);
 }
@@ -566,7 +572,7 @@ int set_message_bcc(char *buf,int num_bytes)
 {
 int num_words = CVAL(buf,smb_wct);
 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
- smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+ smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4, NULL);
 return (smb_size + num_words*2 + num_bytes);
 }
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index 19092bd8c8..2e3e2f4ce3 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -93,10 +93,11 @@ NTSTATUS common_ntlm_decrypt_buffer(NTLMSSP_STATE *ntlmssp_state, char *buf)
 }
 memcpy(buf + 8, inbuf + 8 + NTLMSSP_SIG_SIZE, data_len);
- SAFE_FREE(inbuf);
 /* Reset the length. */
- smb_setlen(buf, data_len + 4);
+ smb_setlen(buf, data_len + 4, inbuf);
+
+ SAFE_FREE(inbuf);
 return NT_STATUS_OK;
 }
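Review bot: The header comment above smb_setlen in source3/lib/util.c still reads only "Set the length and marker of an smb packet." and does not describe the new frombuf argument, although the function now reads frombuf+4 through frombuf+7 with no length to check against. Every caller therefore has to guarantee that a non-NULL frombuf has at least 8 readable bytes, and that bytes 4-7 of it are a marker it is willing to echo into the outgoing packet, because they are copied without validation. I would extend the comment with `If frombuf is non-NULL, bytes 4-7 are copied from it unchanged (caller guarantees 8 readable bytes); NULL writes the plain 0xFF 'SMB' marker.`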
@@ -203,7 +204,7 @@ static NTSTATUS common_gss_decrypt_buffer(struct smb_tran_enc_state_gss *gss_sta
 }
 memcpy(buf + 8, out_buf.value, out_buf.length);
- smb_setlen(buf, out_buf.length + 4);
+ smb_setlen(buf, out_buf.length + 4, out_buf.value);
 gss_release_buffer(&minor, &out_buf);
 return NT_STATUS_OK;
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index a85cf901ae..6b403e1e36 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -49,8 +49,10 @@ static struct aio_extra *aio_list_head;
 of the aio_read call.
 *****************************************************************************/
-static struct aio_extra *create_aio_ex_read(files_struct *fsp, size_t buflen,
- uint16 mid)
+static struct aio_extra *create_aio_ex_read(files_struct *fsp,
+ size_t buflen,
+ uint16 mid,
+ const char *inbuf)
 {
 struct aio_extra *aio_ex = SMB_MALLOC_P(struct aio_extra);
@@ -66,6 +68,14 @@ static struct aio_extra *create_aio_ex_read(files_struct *fsp, size_t buflen,
 SAFE_FREE(aio_ex);
 return NULL;
 }
+ /* Save the first 8 bytes of inbuf for possible enc data. */
+ aio_ex->inbuf = SMB_MALLOC_ARRAY(char, 8);
+ if (!aio_ex->inbuf) {
+ SAFE_FREE(aio_ex->outbuf);
+ SAFE_FREE(aio_ex);
+ return NULL;
+ }
+ memcpy(aio_ex->inbuf, inbuf, 8);
 DLIST_ADD(aio_list_head, aio_ex);
 aio_ex->fsp = fsp;
 aio_ex->read_req = True;
@@ -408,7 +418,7 @@ static int handle_aio_read_complete(struct aio_extra *aio_ex)
 aio_ex->acb.aio_nbytes, (int)nread ) );
 }
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,aio_ex->inbuf);
 show_msg(outbuf);
 if (!send_smb(smbd_server_fd(),outbuf)) {
 exit_server_cleanly("handle_aio_read_complete: send_smb "
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 101f16bb9d..58953bac11 100644
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
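Review bot: In common_gss_decrypt_buffer (source3/libsmb/smb_seal.c) the new third argument is `out_buf.value`, the same GSS output buffer that the line above copies to buf+8, so smb_setlen overwrites the header marker at buf+4 with bytes 4-7 of the decrypted payload instead of preserving the marker of the received packet. That is inconsistent with common_ntlm_decrypt_buffer, which passes inbuf (apparently the saved copy of the received buffer), and the 4-byte read runs past the GSS buffer whenever out_buf.length is below 8; no lower bound on out_buf.length is visible in this hunk, though one may exist above it. Passing the destination itself keeps the marker already in place: `smb_setlen(buf, out_buf.length + 4, buf);`.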
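Review bot: create_aio_ex_read in source3/smbd/aio.c is static and gains a fourth parameter, but none of the three aio.c hunks touches a caller, and the 16 changed lines the diffstat reports for this file are all accounted for by those hunks. As far as this page shows, the existing call is left with three arguments and the file would not compile until the call site passes the request buffer through. The added `memcpy(aio_ex->inbuf, inbuf, 8);` also assumes inbuf is non-NULL and at least 8 bytes long; I would state that precondition in the function's header comment and replace the two literal 8s with one named constant.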
@@ -237,13 +237,15 @@ BOOL push_blocking_lock_request( struct byte_range_lock *br_lck,
 Return a smd with a given size.
 *****************************************************************************/
-static void send_blocking_reply(char *outbuf, int outsize)
+static void send_blocking_reply(char *outbuf, int outsize, const char *inbuf)
 {
- if(outsize > 4)
- smb_setlen(outbuf,outsize - 4);
+ if(outsize > 4) {
+ smb_setlen(outbuf,outsize - 4, inbuf);
+ }
- if (!send_smb(smbd_server_fd(),outbuf))
+ if (!send_smb(smbd_server_fd(),outbuf)) {
 exit_server_cleanly("send_blocking_reply: send_smb failed.");
+ }
 }
 /****************************************************************************
@@ -272,7 +274,7 @@ static void reply_lockingX_success(blocking_lock_record *blr)
 outsize += chain_size;
- send_blocking_reply(outbuf,outsize);
+ send_blocking_reply(outbuf,outsize,inbuf);
 }
 /****************************************************************************
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 6f3ad9884c..c6bcfb7394 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1039,8 +1039,9 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
 outsize += chain_size;
- if(outsize > 4)
- smb_setlen(outbuf,outsize - 4);
+ if(outsize > 4) {
+ smb_setlen(outbuf,outsize - 4, inbuf);
+ }
 return(outsize);
 }
@@ -1219,7 +1220,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 }
 /* And set it in the header. */
- smb_setlen(inbuf2, new_size);
+ smb_setlen(inbuf2, new_size, inbuf);
 /* create the out buffer */
 construct_reply_common(inbuf2, outbuf2);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 3d0f8a3ca8..1b6f861cb8 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -303,7 +303,7 @@ int reply_special(char *inbuf,char *outbuf)
 memset(outbuf,'\0',smb_size);
- smb_setlen(outbuf,0);
+ smb_setlen(outbuf,0,inbuf);
 switch (msg_type) {
 case 0x81: /* session request */
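Review bot: In reply_special (source3/smbd/reply.c) inbuf is a session-layer message, as the `case 0x81: /* session request */` below shows, so bytes 4-7 of it are not an SMB marker but whatever the client sent after the 4-byte length header, and `smb_setlen(outbuf,0,inbuf)` now copies them into the freshly zeroed outbuf. With a length of 0 those bytes are presumably never sent, but for a message shorter than 8 bytes the copy picks up stale buffer content, which is not something a reply header should be built from. `smb_setlen(outbuf,0,NULL);` keeps the previous behaviour at this call. The body of reply_special continues past the end of the hunk.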
@@ -1182,7 +1182,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
 SSVAL(outbuf,smb_flg2, (SVAL(outbuf, smb_flg2) & (~FLAGS2_UNICODE_STRINGS)));
 outsize += DIR_STRUCT_SIZE*numentries;
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,inbuf);
 if ((! *directory) && dptr_path(dptr_num))
 slprintf(directory, sizeof(directory)-1, "(%s)",dptr_path(dptr_num));
@@ -3538,7 +3538,7 @@ int reply_echo(connection_struct *conn,
 for (seq_num =1 ; seq_num <= smb_reverb ; seq_num++) {
 SSVAL(outbuf,smb_vwv0,seq_num);
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,inbuf);
 show_msg(outbuf);
 if (!send_smb(smbd_server_fd(),outbuf))
@@ -5846,7 +5846,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
 if (write_through && tcount==nwritten) {
 /* We need to send both a primary and a secondary response */
- smb_setlen(outbuf,outsize - 4);
+ smb_setlen(outbuf,outsize - 4,inbuf);
 show_msg(outbuf);
 if (!send_smb(smbd_server_fd(),outbuf))
 exit_server_cleanly("reply_writebmpx: send_smb failed."); |