From 88dd6af605dc5754b7e146a068272d37651da710 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 18 Mar 2009 08:46:38 +0100 Subject: s3:libsmb: always create bytes array in cli_trans code Otherwise we return NO_MEMORY without a reason for fragmented trans requests, as talloc_append_blob() returns buf if we append a 0 length blob. When we pass buf = NULL we'll get back NULL and then assume NO_MEMORY... metze --- source3/libsmb/clitrans.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'source3/libsmb/clitrans.c') diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index f5794ea04e..0266c0307e 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -731,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, uint16_t this_data = 0; uint32_t useable_space; uint8_t cmd; + uint8_t pad[3]; frame = talloc_stackframe(); @@ -743,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset = smb_size - 4; + bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */ + if (bytes == NULL) { + goto fail; + } + switch (cmd) { case SMBtrans: - bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */ + pad[0] = 0; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 1)); if (bytes == NULL) { goto fail; } @@ -759,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset += talloc_get_size(bytes); break; case SMBtrans2: - bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */ + pad[0] = 0; + pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ + pad[2] = ' '; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 3)); if (bytes == NULL) { goto fail; } - bytes[0] = 0; - bytes[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ - bytes[2] = ' '; wct = 14 + state->num_setup; param_offset += talloc_get_size(bytes); break; -- cgit