summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/process.c2
-rw-r--r--source3/smbd/reply.c56
2 files changed, 37 insertions, 21 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 671b7116fa..9604439230 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -729,7 +729,7 @@ static const struct smb_message_struct {
/* 0x24 */ { "SMBlockingX",NULL,reply_lockingX,AS_USER },
/* 0x25 */ { "SMBtrans",NULL,reply_trans,AS_USER | CAN_IPC },
/* 0x26 */ { "SMBtranss",NULL,reply_transs,AS_USER | CAN_IPC},
-/* 0x27 */ { "SMBioctl",reply_ioctl,NULL,0},
+/* 0x27 */ { "SMBioctl",NULL,reply_ioctl,0},
/* 0x28 */ { "SMBioctls",NULL, NULL,AS_USER},
/* 0x29 */ { "SMBcopy",reply_copy,NULL,AS_USER | NEED_WRITE },
/* 0x2a */ { "SMBmove",NULL, NULL,AS_USER | NEED_WRITE },
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 2b2fc7c895..f079ef4b21 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -724,56 +724,72 @@ void reply_unknown_new(struct smb_request *req, uint8 type)
conn POINTER CAN BE NULL HERE !
****************************************************************************/
-int reply_ioctl(connection_struct *conn,
- char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
+void reply_ioctl(connection_struct *conn, struct smb_request *req)
{
- uint16 device = SVAL(inbuf,smb_vwv1);
- uint16 function = SVAL(inbuf,smb_vwv2);
- uint32 ioctl_code = (device << 16) + function;
- int replysize, outsize;
+ uint16 device;
+ uint16 function;
+ uint32 ioctl_code;
+ int replysize;
char *p;
+
START_PROFILE(SMBioctl);
+ if (req->wct < 3) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBioctl);
+ return;
+ }
+
+ device = SVAL(req->inbuf,smb_vwv1);
+ function = SVAL(req->inbuf,smb_vwv2);
+ ioctl_code = (device << 16) + function;
+
DEBUG(4, ("Received IOCTL (code 0x%x)\n", ioctl_code));
switch (ioctl_code) {
case IOCTL_QUERY_JOB_INFO:
- replysize = 32;
- break;
+ replysize = 32;
+ break;
default:
- END_PROFILE(SMBioctl);
- return(ERROR_DOS(ERRSRV,ERRnosupport));
+ reply_doserror(req, ERRSRV, ERRnosupport);
+ END_PROFILE(SMBioctl);
+ return;
}
- outsize = set_message(inbuf,outbuf,8,replysize+1,True);
- SSVAL(outbuf,smb_vwv1,replysize); /* Total data bytes returned */
- SSVAL(outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
- SSVAL(outbuf,smb_vwv6,52); /* Offset to data */
- p = smb_buf(outbuf) + 1; /* Allow for alignment */
+ reply_outbuf(req, 8, replysize+1);
+ SSVAL(req->outbuf,smb_vwv1,replysize); /* Total data bytes returned */
+ SSVAL(req->outbuf,smb_vwv5,replysize); /* Data bytes this buffer */
+ SSVAL(req->outbuf,smb_vwv6,52); /* Offset to data */
+ p = smb_buf(req->outbuf) + 1; /* Allow for alignment */
switch (ioctl_code) {
case IOCTL_QUERY_JOB_INFO:
{
- files_struct *fsp = file_fsp(SVAL(inbuf,smb_vwv0));
+ files_struct *fsp = file_fsp(SVAL(req->inbuf,
+ smb_vwv0));
if (!fsp) {
+ reply_doserror(req, ERRDOS, ERRbadfid);
END_PROFILE(SMBioctl);
- return(UNIXERROR(ERRDOS,ERRbadfid));
+ return;
}
SSVAL(p,0,fsp->rap_print_jobid); /* Job number */
- srvstr_push(outbuf, SVAL(outbuf, smb_flg2), p+2,
+ srvstr_push((char *)req->outbuf, req->flags2, p+2,
global_myname(), 15,
STR_TERMINATE|STR_ASCII);
if (conn) {
- srvstr_push(outbuf, SVAL(outbuf, smb_flg2),
+ srvstr_push((char *)req->outbuf, req->flags2,
p+18, lp_servicename(SNUM(conn)),
13, STR_TERMINATE|STR_ASCII);
}
+ else {
+ memset(p+18, 0, 13);
+ }
break;
}
}
END_PROFILE(SMBioctl);
- return outsize;
+ return;
}
/****************************************************************************