summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/server.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index c377684536..1fb6358794 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -3225,7 +3225,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
{
static char *orig_inbuf;
static char *orig_outbuf;
- int smb_com2 = CVAL(inbuf,smb_vwv0);
+ int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
char *inbuf2, *outbuf2;
int outsize2;
@@ -3260,15 +3260,18 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
outbuf2 = orig_outbuf + SVAL(outbuf,smb_vwv1) + 4 - smb_wct;
+ /* remember the original command type */
+ smb_com1 = CVAL(orig_outbuf,smb_com);
+
/* save the data which will be overwritten by the new headers */
memcpy(inbuf_saved,inbuf2,smb_wct);
memcpy(outbuf_saved,outbuf2,smb_wct);
/* give the new packet the same header as the first part of the SMB */
- memcpy(inbuf2,orig_inbuf,smb_wct);
+ memmove(inbuf2,orig_inbuf,smb_wct);
/* create the in buffer */
- CVAL(outbuf2,smb_com) = smb_com2;
+ CVAL(inbuf2,smb_com) = smb_com2;
/* create the out buffer */
bzero(outbuf2,smb_size);
@@ -3296,9 +3299,8 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
/* copy the new reply header over the old one, but preserve
the smb_com field */
- smb_com2 = CVAL(orig_outbuf,smb_com);
memmove(orig_outbuf,outbuf2,smb_wct);
- CVAL(orig_outbuf,smb_com) = smb_com2;
+ CVAL(orig_outbuf,smb_com) = smb_com1;
/* restore the saved data, being careful not to overwrite any
data from the reply header */
@@ -3309,7 +3311,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
memmove(outbuf2+ofs,outbuf_saved+ofs,smb_wct-ofs);
}
- return(outsize2 + chain_size);
+ return outsize2;
}
@@ -3351,6 +3353,8 @@ int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
outsize = switch_message(type,inbuf,outbuf,size,bufsize);
+ outsize += chain_size;
+
if(outsize > 4)
smb_setlen(outbuf,outsize - 4);
return(outsize);