diff options
-rw-r--r-- | source3/include/smb.h | 25 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 12 |
2 files changed, 33 insertions, 4 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h index 8b7ad6ea92..429ce87f40 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -895,6 +895,31 @@ struct parm_struct #define smb_droff smb_vwv7 #define smb_drdisp smb_vwv8 +/* these are for the NT trans primary request. */ +#define smb_nt_MaxSetupCount smb_vwv0 +#define smb_nt_Flags (smb_vwv0 + 1) +#define smb_nt_TotalParameterCount (smb_vwv0 + 3) +#define smb_nt_TotalDataCount (smb_vwv0 + 7) +#define smb_nt_MaxParameterCount (smb_vwv0 + 11) +#define smb_nt_MaxDataCount (smb_vwv0 + 15) +#define smb_nt_ParameterCount (smb_vwv0 + 19) +#define smb_nt_ParameterOffset (smb_vwv0 + 23) +#define smb_nt_DataCount (smb_vwv0 + 27) +#define smb_nt_DataOffset (smb_vwv0 + 31) +#define smb_nt_SetupCount (smb_vwv0 + 35) +#define smb_nt_Function (smb_vwv0 + 36) +#define smb_nt_SetupStart (smb_vwv0 + 39) + +/* these are for the NT trans secondary request. */ +#define smb_nts_TotalParameterCount (smb_vwv0 + 3) +#define smb_nts_TotalDataCount (smb_vwv0 + 7) +#define smb_nts_ParameterCount (smb_vwv0 + 11) +#define smb_nts_ParameterOffset (smb_vwv0 + 15) +#define smb_nts_ParameterDisplacement (smb_vwv0 + 19) +#define smb_nts_DataCount (smb_vwv0 + 23) +#define smb_nts_DataOffset (smb_vwv0 + 27) +#define smb_nts_DataDisplacement (smb_vwv0 + 31) + /* where to find the base of the SMB packet proper */ #define smb_base(buf) (((char *)(buf))+4) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 75cf18785c..af70064ef4 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1787,8 +1787,10 @@ int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize) if (num_params > total_params || num_data > total_data) exit_server("invalid params in reply_trans2"); - memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params); - memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data); + if(params) + memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params); + if(data) + memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data); if(num_data_sofar < total_data || num_params_sofar < total_params) { @@ -1812,8 +1814,10 @@ int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize) else DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n", (smb_read_error == READ_ERROR) ? "error" : "timeout" )); - free(params); - free(data); + if(params) + free(params); + if(data) + free(data); return(ERROR(ERRSRV,ERRerror)); } |