diff options
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 6 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 70 |
2 files changed, 33 insertions, 43 deletions
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 6e2bfb8b4a..c844f6486e 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1131,6 +1131,12 @@ struct async_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev, return NULL; } + if (len == 0) { + state->nwritten = 0; + status = NT_STATUS_OK; + goto post_status; + } + if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) { struct pipes_struct *p = talloc_get_type_abort( handle->private_data, struct pipes_struct); diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index b148cff045..cf22eb17f3 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -150,6 +150,7 @@ void reply_pipe_write(struct smb_request *req) size_t numtowrite = SVAL(req->vwv+1, 0); ssize_t nwritten; const uint8_t *data; + NTSTATUS status; if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); @@ -163,22 +164,12 @@ void reply_pipe_write(struct smb_request *req) data = req->buf + 3; - if (numtowrite == 0) { - nwritten = 0; - } else { - NTSTATUS status; - if (!fsp_is_np(fsp)) { - reply_nterror(req, NT_STATUS_INVALID_HANDLE); - return; - } - DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", - (int)fsp->fnum, fsp->fsp_name, (int)numtowrite)); - status = np_write(fsp->fake_file_handle, data, numtowrite, - &nwritten); - if (!NT_STATUS_IS_OK(status)) { - reply_nterror(req, status); - return; - } + DEBUG(6, ("reply_pipe_write: %x name: %s len: %d\n", (int)fsp->fnum, + fsp->fsp_name, (int)numtowrite)); + status = np_write(fsp->fake_file_handle, data, numtowrite, &nwritten); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + return; } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { @@ -213,6 +204,7 @@ void reply_pipe_write_and_X(struct smb_request *req) ((SVAL(req->vwv+7, 0) & (PIPE_START_MESSAGE|PIPE_RAW_MODE)) == (PIPE_START_MESSAGE|PIPE_RAW_MODE)); uint8_t *data; + NTSTATUS status; if (!fsp_is_np(fsp)) { reply_doserror(req, ERRDOS, ERRbadfid); @@ -229,35 +221,27 @@ void reply_pipe_write_and_X(struct smb_request *req) data = (uint8_t *)smb_base(req->inbuf) + smb_doff; - if (numtowrite == 0) { - nwritten = 0; - } else { - NTSTATUS status; - - if(pipe_start_message_raw) { - /* - * For the start of a message in named pipe byte mode, - * the first two bytes are a length-of-pdu field. Ignore - * them (we don't trust the client). JRA. - */ - if(numtowrite < 2) { - DEBUG(0,("reply_pipe_write_and_X: start of " - "message set and not enough data " - "sent.(%u)\n", - (unsigned int)numtowrite )); - reply_unixerror(req, ERRDOS, ERRnoaccess); - return; - } - - data += 2; - numtowrite -= 2; - } - status = np_write(fsp->fake_file_handle, data, numtowrite, - &nwritten); - if (!NT_STATUS_IS_OK(status)) { - reply_nterror(req, status); + if(pipe_start_message_raw) { + /* + * For the start of a message in named pipe byte mode, + * the first two bytes are a length-of-pdu field. Ignore + * them (we don't trust the client). JRA. + */ + if(numtowrite < 2) { + DEBUG(0,("reply_pipe_write_and_X: start of message " + "set and not enough data sent.(%u)\n", + (unsigned int)numtowrite )); + reply_unixerror(req, ERRDOS, ERRnoaccess); return; } + + data += 2; + numtowrite -= 2; + } + status = np_write(fsp->fake_file_handle, data, numtowrite, &nwritten); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + return; } if ((nwritten == 0 && numtowrite != 0) || (nwritten < 0)) { |