summaryrefslogtreecommitdiffstats
path: root/source3
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-08-10 17:53:35 +0200
committerVolker Lendecke <vl@samba.org>2008-08-10 18:24:33 +0200
commit1a7b6fe34d6d7d29256fe3b5432593fa07d74838 (patch)
tree283448433714ec4252cd5259b60492812dfc9b09 /source3
parent12b6c1f57db772679cfb4b640a3f3dba259c9c72 (diff)
downloadsamba-1a7b6fe34d6d7d29256fe3b5432593fa07d74838.tar.gz
samba-1a7b6fe34d6d7d29256fe3b5432593fa07d74838.tar.xz
samba-1a7b6fe34d6d7d29256fe3b5432593fa07d74838.zip
fix smb_len calculation for chained requests
I think chain_reply() is one of the most tricky parts of Samba. This recursion needs to go away, we need to sequentially walk the chain list. (This used to be commit af2b01d85188d2301580643f7e862e3e3988aadc)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/process.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index a1d2d88b3dd..332a2e4da3a 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1653,6 +1653,7 @@ void chain_reply(struct smb_request *req)
char *outbuf = (char *)req->outbuf;
size_t outsize = smb_len(outbuf) + 4;
size_t outsize_padded;
+ size_t padding;
size_t ofs, to_move;
struct smb_request *req2;
@@ -1691,6 +1692,7 @@ void chain_reply(struct smb_request *req)
*/
outsize_padded = (outsize + 3) & ~3;
+ padding = outsize_padded - outsize;
/*
* remember how much the caller added to the chain, only counting
@@ -1804,17 +1806,17 @@ void chain_reply(struct smb_request *req)
SCVAL(outbuf, smb_vwv0, smb_com2);
SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
- if (outsize_padded > outsize) {
+ if (padding != 0) {
/*
* Due to padding we have some uninitialized bytes after the
* caller's output
*/
- memset(outbuf + outsize, 0, outsize_padded - outsize);
+ memset(outbuf + outsize, 0, padding);
}
- smb_setlen(outbuf, outsize2 + chain_size - 4);
+ smb_setlen(outbuf, outsize2 + caller_outputlen + padding - 4);
/*
* restore the saved data, being careful not to overwrite any data