Applying Luke's fix for the multiple DCE/RPC PDU problem to 2.0.

Jeremy.

3 files changed, 25 insertions, 41 deletions

diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h
index edbe87ab8d8..fe35478bef6 100644
--- a/source/include/ntdomain.h
+++ b/source/include/ntdomain.h
@@ -97,10 +97,9 @@ typedef struct pipes_struct
 	fstring domain;
 	fstring wks;
 
-	uint32 file_offset;
-	uint32 hdr_offsets;
-	uint32 frag_len_left;
-	uint32 next_frag_start;
+	uint32 file_offset; /* Offset (including headers) into the data stream sent. */
+    uint32 prev_pdu_file_offset; /* Offset (including headers) where the last whole framgent sent. */
+	uint32 hdr_offsets; /* Total number of bytes in the headers sent (0x18 * number_of_headers_sent). */
 
 } pipes_struct;
 
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 1ad4cb6b9e6..e37bc47022c 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -202,10 +202,6 @@ BOOL create_rpc_reply(pipes_struct *p,
 		prs_link(&p->rhdr, &p->rdata_i, NULL       );
 	}
 
-	/* indicate to subsequent data reads where we are up to */
-	p->frag_len_left   = p->hdr.frag_len - p->file_offset;
-	p->next_frag_start = p->hdr.frag_len; 
-	
 	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
 }
 
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index 54ecbf707e2..e7d996995d3 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -133,9 +133,8 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
 	p->rdata.offset = 0;
 	
 	p->file_offset     = 0;
+	p->prev_pdu_file_offset = 0;
 	p->hdr_offsets     = 0;
-	p->frag_len_left   = 0;
-	p->next_frag_start = 0;
 	
 	p->ntlmssp_validated = False;
 	p->ntlmssp_auth      = False;
@@ -230,24 +229,10 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
 
 	DEBUG(6,("read_pipe: p: %p file_offset: %d file_pos: %d\n",
 		 p, p->file_offset, n));
-	DEBUG(6,("read_pipe: frag_len_left: %d next_frag_start: %d\n",
-		 p->frag_len_left, p->next_frag_start));
 
 	/* the read request starts from where the SMBtrans2 left off. */
-	data_pos     = p->file_offset - p->hdr_offsets;
-	data_hdr_pos = p->file_offset;
-
-	len = mem_buf_len(p->rhdr.data);
-	num = len - (int)data_pos;
-	
-	DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n));
-	
-	if (num > n) num = n;
-	if (num <= 0)
-	{
-		DEBUG(5,("read_pipe: 0 or -ve data length\n"));
-		return 0;
-	}
+	data_hdr_pos = p->file_offset - p->prev_pdu_file_offset;
+	data_pos     = data_hdr_pos - p->hdr_offsets;
 
 	if (!IS_BITS_SET_ALL(p->hdr.flags, RPC_FLG_LAST))
 	{
@@ -256,48 +241,52 @@ int read_pipe(pipes_struct *p, char *data, uint32 pos, int n)
 		DEBUG(5,("read_pipe: frag_len: %d data_pos: %d data_hdr_pos: %d\n",
 			 p->hdr.frag_len, data_pos, data_hdr_pos));
 		
-		if (data_hdr_pos == p->next_frag_start)
+		if (data_hdr_pos == 0)
 		{
 			DEBUG(6,("read_pipe: next fragment header\n"));
 
 			/* this is subtracted from the total data bytes, later */
 			hdr_num = 0x18;
+			p->hdr_offsets += 0x18;
 
 			/* create and copy in a new header. */
-			create_rpc_reply(p, data_pos, p->rdata.offset);
-			mem_buf_copy(data, p->rhdr.data, 0, 0x18);
-			
-			data += 0x18;
-			p->hdr_offsets += 0x18;
+			create_rpc_reply(p, p->file_offset - p->hdr_offsets, p->rdata.offset);
 		}			
 	}
 	
+	len = mem_buf_len(p->rhdr.data);
+	num = len - (int)data_pos;
+	
+	DEBUG(6,("read_pipe: len: %d num: %d n: %d\n", len, num, n));
+	
+	if (num > n) num = n;
+	if (num <= 0)
+	{
+		DEBUG(5,("read_pipe: 0 or -ve data length\n"));
+		return 0;
+	}
+
 	if (num < hdr_num)
 	{
 		DEBUG(5,("read_pipe: warning - data read only part of a header\n"));
 	}
 
-	DEBUG(6,("read_pipe: adjusted data_pos: %d num-hdr_num: %d\n",
-		 data_pos, num - hdr_num));
-	mem_buf_copy(data, p->rhdr.data, data_pos, num - hdr_num);
+	mem_buf_copy(data, p->rhdr.data, data_pos, num);
 	
 	data_pos += num;
 	data_hdr_pos += num;
+	p->file_offset  += num;
 	
 	if (hdr_num == 0x18 && num == 0x18)
 	{
 		DEBUG(6,("read_pipe: just header read\n"));
-
-		/* advance to the next fragment */
-		p->frag_len_left -= 0x18; 
 	}
-	else if (data_hdr_pos == p->next_frag_start)
+	else if (data_hdr_pos == p->hdr.frag_len)
 	{
 		DEBUG(6,("read_pipe: next fragment expected\n"));
+		p->prev_pdu_file_offset = p->file_offset;
 	}
 
-	p->file_offset  += num;
-	
 	return num;
 }