summaryrefslogtreecommitdiff
path: root/source3/smbd/ipc.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/ipc.c')
-rw-r--r--source3/smbd/ipc.c107
1 files changed, 55 insertions, 52 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 59a5dfdd3f..f4c45999ba 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -81,8 +81,7 @@ static void copy_trans_params_and_data(char *outbuf, int align,
Send a trans reply.
****************************************************************************/
-void send_trans_reply(connection_struct *conn,
- struct smb_request *req,
+void send_trans_reply(connection_struct *conn, const uint8_t *inbuf,
char *rparam, int rparam_len,
char *rdata, int rdata_len,
bool buffer_too_large)
@@ -91,6 +90,7 @@ void send_trans_reply(connection_struct *conn,
int tot_data_sent = 0;
int tot_param_sent = 0;
int align;
+ char *outbuf;
int ldata = rdata ? rdata_len : 0;
int lparam = rparam ? rparam_len : 0;
@@ -103,47 +103,48 @@ void send_trans_reply(connection_struct *conn,
align = ((this_lparam)%4);
- reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
+ if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf,
+ 10, 1+align+this_ldata+this_lparam)) {
+ smb_panic("could not allocate outbuf");
+ }
- copy_trans_params_and_data((char *)req->outbuf, align,
+ copy_trans_params_and_data(outbuf, align,
rparam, tot_param_sent, this_lparam,
rdata, tot_data_sent, this_ldata);
- SSVAL(req->outbuf,smb_vwv0,lparam);
- SSVAL(req->outbuf,smb_vwv1,ldata);
- SSVAL(req->outbuf,smb_vwv3,this_lparam);
- SSVAL(req->outbuf,smb_vwv4,smb_offset(smb_buf(req->outbuf)+1,
- req->outbuf));
- SSVAL(req->outbuf,smb_vwv5,0);
- SSVAL(req->outbuf,smb_vwv6,this_ldata);
- SSVAL(req->outbuf,smb_vwv7,smb_offset(smb_buf(req->outbuf)+1+
- this_lparam+align,
- req->outbuf));
- SSVAL(req->outbuf,smb_vwv8,0);
- SSVAL(req->outbuf,smb_vwv9,0);
+ SSVAL(outbuf,smb_vwv0,lparam);
+ SSVAL(outbuf,smb_vwv1,ldata);
+ SSVAL(outbuf,smb_vwv3,this_lparam);
+ SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
+ SSVAL(outbuf,smb_vwv5,0);
+ SSVAL(outbuf,smb_vwv6,this_ldata);
+ SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align,
+ outbuf));
+ SSVAL(outbuf,smb_vwv8,0);
+ SSVAL(outbuf,smb_vwv9,0);
if (buffer_too_large) {
- error_packet_set((char *)req->outbuf,
- ERRDOS, ERRmoredata,
- STATUS_BUFFER_OVERFLOW,
- __LINE__, __FILE__);
+ error_packet_set((char *)outbuf, ERRDOS, ERRmoredata,
+ STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__);
}
- show_msg((char *)req->outbuf);
- if (!srv_send_smb(smbd_server_fd(),
- (char *)req->outbuf,
- IS_CONN_ENCRYPTED(conn)))
+ show_msg(outbuf);
+ if (!srv_send_smb(smbd_server_fd(), (char *)outbuf,
+ IS_CONN_ENCRYPTED(conn))) {
exit_server_cleanly("send_trans_reply: srv_send_smb failed.");
+ }
- TALLOC_FREE(req->outbuf);
+ TALLOC_FREE(outbuf);
tot_data_sent = this_ldata;
tot_param_sent = this_lparam;
while (tot_data_sent < ldata || tot_param_sent < lparam)
{
- this_lparam = MIN(lparam-tot_param_sent, max_send - 500); /* hack */
- this_ldata = MIN(ldata -tot_data_sent, max_send - (500+this_lparam));
+ this_lparam = MIN(lparam-tot_param_sent,
+ max_send - 500); /* hack */
+ this_ldata = MIN(ldata -tot_data_sent,
+ max_send - (500+this_lparam));
if(this_lparam < 0)
this_lparam = 0;
@@ -153,39 +154,39 @@ void send_trans_reply(connection_struct *conn,
align = (this_lparam%4);
- reply_outbuf(req, 10, 1+this_ldata+this_lparam+align);
+ if (!create_outbuf(talloc_tos(), (char *)inbuf, &outbuf,
+ 10, 1+align+this_ldata+this_lparam)) {
+ smb_panic("could not allocate outbuf");
+ }
- copy_trans_params_and_data((char *)req->outbuf, align,
+ copy_trans_params_and_data(outbuf, align,
rparam, tot_param_sent, this_lparam,
rdata, tot_data_sent, this_ldata);
- SSVAL(req->outbuf,smb_vwv3,this_lparam);
- SSVAL(req->outbuf,smb_vwv4,smb_offset(smb_buf(req->outbuf)+1,
- req->outbuf));
- SSVAL(req->outbuf,smb_vwv5,tot_param_sent);
- SSVAL(req->outbuf,smb_vwv6,this_ldata);
- SSVAL(req->outbuf,smb_vwv7,smb_offset(smb_buf(req->outbuf)+1+
- this_lparam+align,
- req->outbuf));
- SSVAL(req->outbuf,smb_vwv8,tot_data_sent);
- SSVAL(req->outbuf,smb_vwv9,0);
+ SSVAL(outbuf,smb_vwv3,this_lparam);
+ SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
+ SSVAL(outbuf,smb_vwv5,tot_param_sent);
+ SSVAL(outbuf,smb_vwv6,this_ldata);
+ SSVAL(outbuf,smb_vwv7,
+ smb_offset(smb_buf(outbuf)+1+this_lparam+align, outbuf));
+ SSVAL(outbuf,smb_vwv8,tot_data_sent);
+ SSVAL(outbuf,smb_vwv9,0);
if (buffer_too_large) {
- error_packet_set((char *)req->outbuf,
- ERRDOS, ERRmoredata,
+ error_packet_set(outbuf, ERRDOS, ERRmoredata,
STATUS_BUFFER_OVERFLOW,
__LINE__, __FILE__);
}
- show_msg((char *)req->outbuf);
- if (!srv_send_smb(smbd_server_fd(),
- (char *)req->outbuf,
- IS_CONN_ENCRYPTED(conn)))
- exit_server_cleanly("send_trans_reply: srv_send_smb failed.");
+ show_msg(outbuf);
+ if (!srv_send_smb(smbd_server_fd(), outbuf,
+ IS_CONN_ENCRYPTED(conn)))
+ exit_server_cleanly("send_trans_reply: srv_send_smb "
+ "failed.");
tot_data_sent += this_ldata;
tot_param_sent += this_lparam;
- TALLOC_FREE(req->outbuf);
+ TALLOC_FREE(outbuf);
}
}
@@ -212,7 +213,8 @@ static void api_rpc_trans_reply(connection_struct *conn, struct smb_request *req
return;
}
- send_trans_reply(conn, req, NULL, 0, rdata, data_len, is_data_outstanding);
+ send_trans_reply(conn, req->inbuf, NULL, 0, rdata, data_len,
+ is_data_outstanding);
SAFE_FREE(rdata);
return;
}
@@ -236,7 +238,7 @@ static void api_WNPHS(connection_struct *conn, struct smb_request *req, smb_np_s
if (wait_rpc_pipe_hnd_state(p, priority)) {
/* now send the reply */
- send_trans_reply(conn, req, NULL, 0, NULL, 0, False);
+ send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
return;
}
api_no_reply(conn,req);
@@ -262,7 +264,7 @@ static void api_SNPHS(connection_struct *conn, struct smb_request *req, smb_np_s
if (set_rpc_pipe_hnd_state(p, id)) {
/* now send the reply */
- send_trans_reply(conn, req, NULL, 0, NULL, 0, False);
+ send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0, False);
return;
}
api_no_reply(conn,req);
@@ -284,7 +286,7 @@ static void api_no_reply(connection_struct *conn, struct smb_request *req)
DEBUG(3,("Unsupported API fd command\n"));
/* now send the reply */
- send_trans_reply(conn, req, rparam, 4, NULL, 0, False);
+ send_trans_reply(conn, req->inbuf, rparam, 4, NULL, 0, False);
return;
}
@@ -326,7 +328,8 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid,
/* Win9x does this call with a unicode pipe name, not a pnum. */
/* Just return success for now... */
DEBUG(3,("Got TRANSACT_WAITNAMEDPIPEHANDLESTATE on text pipe name\n"));
- send_trans_reply(conn, req, NULL, 0, NULL, 0, False);
+ send_trans_reply(conn, req->inbuf, NULL, 0, NULL, 0,
+ False);
return;
}