From 8315677ca3ca9eed62fe6e24bac333b9b5dc763b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Fri, 7 Nov 2008 20:38:05 +0100
Subject: Do not write into inbuf for the transs request

Instead, fix up the outbuf in send_xx_reply. In those routines, we know
what we are returning.
---
 source3/smbd/ipc.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'source3/smbd/ipc.c')

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index c7a44270f5..26a4212ec9 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -105,6 +105,12 @@ void send_trans_reply(connection_struct *conn,
 
 	reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
 
+	/*
+	 * We might have SMBtranss in req which was transferred to the outbuf,
+	 * fix that.
+	 */
+	SCVAL(req->outbuf, smb_com, SMBtrans);
+
 	copy_trans_params_and_data((char *)req->outbuf, align,
 				rparam, tot_param_sent, this_lparam,
 				rdata, tot_data_sent, this_ldata);
@@ -155,6 +161,12 @@ void send_trans_reply(connection_struct *conn,
 
 		reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
 
+		/*
+		 * We might have SMBtranss in req which was transferred to the
+		 * outbuf, fix that.
+		 */
+		SCVAL(req->outbuf, smb_com, SMBtrans);
+
 		copy_trans_params_and_data((char *)req->outbuf, align,
 					   rparam, tot_param_sent, this_lparam,
 					   rdata, tot_data_sent, this_ldata);
@@ -774,12 +786,6 @@ void reply_transs(struct smb_request *req)
 		return;
 	}
 
-        /*
-	 * construct_reply_common will copy smb_com from inbuf to
-	 * outbuf. SMBtranss is wrong here.
-         */
-        SCVAL(req->inbuf,smb_com,SMBtrans);
-
 	handle_trans(conn, req, state);
 
 	DLIST_REMOVE(conn->pending_trans, state);
-- 
cgit