From 7f9d6f80efbc211977b13ece80fff6adbea929ac Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Sat, 1 Nov 2008 16:24:42 +0100
Subject: Add a "buflen" struct member to smb_request

This removes some explicit inbuf references and also removes a pointless check
in reply_echo. The buflen can never be more than 64k, this is just a 16 bit
value.
---
 source3/include/smb.h    |  1 +
 source3/smbd/process.c   |  5 +++--
 source3/smbd/reply.c     | 22 +++++++---------------
 source3/smbd/sesssetup.c |  3 +--
 4 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index fdbad2a22a..d682052c63 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -631,6 +631,7 @@ struct smb_request {
 	uint16 vuid;
 	uint16 tid;
 	uint8  wct;
+	uint16_t buflen;
 	const uint8 *inbuf;
 	uint8 *outbuf;
 	size_t unread_bytes;
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 4d415b2d27..8e1add3fb1 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -375,6 +375,7 @@ void init_smb_request(struct smb_request *req,
 	req->vuid   = SVAL(inbuf, smb_uid);
 	req->tid    = SVAL(inbuf, smb_tid);
 	req->wct    = CVAL(inbuf, smb_wct);
+	req->buflen = smb_buflen(inbuf);
 	req->unread_bytes = unread_bytes;
 	req->encrypted = encrypted;
 	req->conn = conn_find(req->tid);
@@ -388,10 +389,10 @@ void init_smb_request(struct smb_request *req,
 		exit_server_cleanly("Invalid SMB request");
 	}
 	/* Ensure bcc is correct. */
-	if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
+	if (((uint8 *)smb_buf(inbuf)) + req->buflen > inbuf + req_size) {
 		DEBUG(0,("init_smb_request: invalid bcc number %u "
 			"(wct = %u, size %u)\n",
-			(unsigned int)smb_buflen(inbuf),
+			(unsigned int)req->buflen,
 			(unsigned int)req->wct,
 			(unsigned int)req_size));
 		exit_server_cleanly("Invalid SMB request");
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 25480c6e3b..2d7e557980 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -523,7 +523,7 @@ void reply_tcon(struct smb_request *req)
 
 	START_PROFILE(SMBtcon);
 
-	if (smb_buflen(req->inbuf) < 4) {
+	if (req->buflen < 4) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 		END_PROFILE(SMBtcon);
 		return;
@@ -614,7 +614,7 @@ void reply_tcon_and_X(struct smb_request *req)
 		conn = NULL;
 	}
 
-	if ((passlen > MAX_PASS_LEN) || (passlen >= smb_buflen(req->inbuf))) {
+	if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
 		reply_doserror(req, ERRDOS, ERRbuftoosmall);
 		END_PROFILE(SMBtconX);
 		return;
@@ -4562,7 +4562,6 @@ void reply_echo(struct smb_request *req)
 	connection_struct *conn = req->conn;
 	int smb_reverb;
 	int seq_num;
-	unsigned int data_len = smb_buflen(req->inbuf);
 
 	START_PROFILE(SMBecho);
 
@@ -4572,20 +4571,13 @@ void reply_echo(struct smb_request *req)
 		return;
 	}
 
-	if (data_len > BUFFER_SIZE) {
-		DEBUG(0,("reply_echo: data_len too large.\n"));
-		reply_nterror(req, NT_STATUS_INSUFFICIENT_RESOURCES);
-		END_PROFILE(SMBecho);
-		return;
-	}
-
 	smb_reverb = SVAL(req->inbuf,smb_vwv0);
 
-	reply_outbuf(req, 1, data_len);
+	reply_outbuf(req, 1, req->buflen);
 
 	/* copy any incoming data back out */
-	if (data_len > 0) {
-		memcpy(smb_buf(req->outbuf),smb_buf(req->inbuf),data_len);
+	if (req->buflen > 0) {
+		memcpy(smb_buf(req->outbuf), smb_buf(req->inbuf), req->buflen);
 	}
 
 	if (smb_reverb > 100) {
@@ -4835,7 +4827,7 @@ void reply_printwrite(struct smb_request *req)
 
 	numtowrite = SVAL(smb_buf(req->inbuf),1);
 
-	if (smb_buflen(req->inbuf) < numtowrite + 3) {
+	if (req->buflen < numtowrite + 3) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 		END_PROFILE(SMBsplwr);
 		return;
@@ -6746,7 +6738,7 @@ void reply_lockingX(struct smb_request *req)
 
 	release_level_2_oplocks_on_change(fsp);
 
-	if (smb_buflen(req->inbuf) <
+	if (req->buflen <
 	    (num_ulocks + num_locks) * (large_file_format ? 20 : 10)) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 		END_PROFILE(SMBlockingX);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index b258386121..02931e49f4 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1446,8 +1446,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		 * don't get client caps. */
 		remove_from_common_flags2(FLAGS2_32_BIT_ERROR_CODES);
 
-		if ((passlen1 > MAX_PASS_LEN)
-		    || (passlen1 > smb_buflen(req->inbuf))) {
+		if ((passlen1 > MAX_PASS_LEN) || (passlen1 > req->buflen)) {
 			reply_nterror(req, nt_status_squash(
 					      NT_STATUS_INVALID_PARAMETER));
 			END_PROFILE(SMBsesssetupX);
-- 
cgit