-rw-r--r--source3/include/smb.h25
-rw-r--r--source3/smbd/trans2.c12
2 files changed, 33 insertions, 4 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 8b7ad6ea92..429ce87f40 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -895,6 +895,31 @@ struct parm_struct
#define smb_droff smb_vwv7
#define smb_drdisp smb_vwv8
+/* these are for the NT trans primary request. */
+#define smb_nt_MaxSetupCount smb_vwv0
+#define smb_nt_Flags (smb_vwv0 + 1)
+#define smb_nt_TotalParameterCount (smb_vwv0 + 3)
+#define smb_nt_TotalDataCount (smb_vwv0 + 7)
+#define smb_nt_MaxParameterCount (smb_vwv0 + 11)
+#define smb_nt_MaxDataCount (smb_vwv0 + 15)
+#define smb_nt_ParameterCount (smb_vwv0 + 19)
+#define smb_nt_ParameterOffset (smb_vwv0 + 23)
+#define smb_nt_DataCount (smb_vwv0 + 27)
+#define smb_nt_DataOffset (smb_vwv0 + 31)
+#define smb_nt_SetupCount (smb_vwv0 + 35)
+#define smb_nt_Function (smb_vwv0 + 36)
+#define smb_nt_SetupStart (smb_vwv0 + 39)
+
+/* these are for the NT trans secondary request. */
+#define smb_nts_TotalParameterCount (smb_vwv0 + 3)
+#define smb_nts_TotalDataCount (smb_vwv0 + 7)
+#define smb_nts_ParameterCount (smb_vwv0 + 11)
+#define smb_nts_ParameterOffset (smb_vwv0 + 15)
+#define smb_nts_ParameterDisplacement (smb_vwv0 + 19)
+#define smb_nts_DataCount (smb_vwv0 + 23)
+#define smb_nts_DataOffset (smb_vwv0 + 27)
+#define smb_nts_DataDisplacement (smb_vwv0 + 31)
+
/* where to find the base of the SMB packet proper */
#define smb_base(buf) (((char *)(buf))+4)
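Review bot: `smb_nt_SetupStart` at `smb_vwv0 + 39` leaves three bytes for `smb_nt_Function`, which starts at +36, while every other gap in this table equals the width of the field before it. Function is a 16-bit field in the NT transact request layout as I know it, so the setup words would begin at +38: `#define smb_nt_SetupStart (smb_vwv0 + 38)`. If 39 stays, any code that reads setup words through this macro would be one byte off inside client-supplied data. It would also help to state each field's width in the comment above the table, because the one-byte MaxSetupCount and SetupCount fields put the 32-bit counts and offsets on odd offsets and each must be read with the accessor of matching width.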
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 75cf18785c..af70064ef4 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1787,8 +1787,10 @@ int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize)
if (num_params > total_params || num_data > total_data)
exit_server("invalid params in reply_trans2");
- memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
- memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
+ if(params)
+ memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
+ if(data)
+ memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
if(num_data_sofar < total_data || num_params_sofar < total_params)
{
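Review bot: The two memcpy calls still take their source offset (`SVAL(inbuf, smb_psoff)`, `SVAL(inbuf, smb_dsoff)`) and their length from the request, and the only check visible above them compares `num_params`/`num_data` with the declared totals, not with the size of the packet received. Nothing in this hunk stops offset plus count from reaching past the end of `inbuf`, so the copy can read out of bounds. Each offset+count pair should be checked against the received size before the copies, e.g. `if (SVAL(inbuf,smb_psoff) + num_params > pkt_len) exit_server("invalid params in reply_trans2");`, where `pkt_len` is a placeholder for that size (derived from the `length` argument, less the 4 bytes smb_base() skips if `length` counts them). The new `if(params)` guard also skips the copy silently when the pointer is NULL; if that can happen with a non-zero `total_params`, for instance after a failed allocation, it should be reported as an error instead. The body of reply_trans2 starts and ends outside the hunk.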
@@ -1812,8 +1814,10 @@ int reply_trans2(char *inbuf,char *outbuf,int length,int bufsize)
else
DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n",
(smb_read_error == READ_ERROR) ? "error" : "timeout" ));
- free(params);
- free(data);
+ if(params)
+ free(params);
+ if(data)
+ free(data);
return(ERROR(ERRSRV,ERRerror));
}
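Review bot: The `if(params)` and `if(data)` guards around `free()` are redundant under ISO C, where `free(NULL)` is a no-op, so the original two calls were already safe on a conforming libc. If the guards are kept for pre-ANSI C libraries, a comment such as `/* free(NULL) is not safe on some pre-ANSI libcs */` would stop a later cleanup from removing them. The unbraced two-line `if` form used here and at the memcpy calls in the previous hunk is easy to break when a second statement is added, so braces would be safer on an error path like this one.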