author | Jeremy Allison <jra@samba.org> | 1998-10-18 22:06:35 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-10-18 22:06:35 +0000 |
commit | b8aec499dc49b1d86d9f44296e07d40232813642 (patch) | |
tree | 014e4b1eaa634570a351bec6e1baad272f37fc07 /source3 | |
parent | 691e2f245c7ac01b027e7300aa7fd2b1ccc90876 (diff) | |
Fixed sys_lseek and seek_file calls so all returns
are *checked* :-).
Jeremy.
(This used to be commit b8b781191dd7d28944d87eec5fa0fbef798e289b)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/util.c | 5 | ||||
-rw-r--r-- | source3/locking/shmem.c | 414 | ||||
-rw-r--r-- | source3/smbd/connection.c | 6 | ||||
-rw-r--r-- | source3/smbd/fileio.c | 13 | ||||
-rw-r--r-- | source3/smbd/reply.c | 67 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 3 |
6 files changed, 315 insertions, 193 deletions
diff --git a/source3/lib/util.c b/source3/lib/util.c index d0cb51f3caa..8660e22e577 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -3082,7 +3082,7 @@ int set_filelen(int fd, SMB_OFF_T len) char c = 0; SMB_OFF_T currpos = sys_lseek(fd, (SMB_OFF_T)0, SEEK_CUR); - if(currpos < 0) + if(currpos == -1) return -1; /* Do an fstat to see if the file is longer than the requested size (call ftruncate), @@ -3105,7 +3105,8 @@ int set_filelen(int fd, SMB_OFF_T len) if(write(fd, &c, 1)!=1) return -1; /* Seek to where we were */ - sys_lseek(fd, currpos, SEEK_SET); + if(sys_lseek(fd, currpos, SEEK_SET) != currpos) + return -1; return 0; #endif } diff --git a/source3/locking/shmem.c b/source3/locking/shmem.c index b63db1f168d..2a4e4de129a 100644 --- a/source3/locking/shmem.c +++ b/source3/locking/shmem.c 
@@ -311,71 +311,113 @@ static BOOL smb_shm_create_hash_table( unsigned int size ) static BOOL smb_shm_register_process(char *processreg_file, pid_t pid, BOOL *other_processes) { - int smb_shm_processes_fd = -1; - int nb_read; - pid_t other_pid; - SMB_OFF_T seek_back = -((SMB_OFF_T)sizeof(other_pid)); - SMB_OFF_T free_slot = -1; - SMB_OFF_T erased_slot; - - smb_shm_processes_fd = open(processreg_file, - read_only?O_RDONLY:(O_RDWR|O_CREAT), - SHM_FILE_MODE); - - if ( smb_shm_processes_fd < 0 ) - { - DEBUG(0,("ERROR smb_shm_register_process : processreg_file open failed with code %s\n",strerror(errno))); - return False; - } - - *other_processes = False; - - while ((nb_read = read(smb_shm_processes_fd, &other_pid, sizeof(other_pid))) > 0) - { - if(other_pid) + int smb_shm_processes_fd = -1; + int nb_read; + pid_t other_pid; + SMB_OFF_T seek_back = -((SMB_OFF_T)sizeof(other_pid)); + SMB_OFF_T free_slot = -1; + SMB_OFF_T erased_slot; + + smb_shm_processes_fd = open(processreg_file, + read_only?O_RDONLY:(O_RDWR|O_CREAT), + SHM_FILE_MODE); + + if ( smb_shm_processes_fd < 0 ) + { + DEBUG(0, ("ERROR smb_shm_register_process : processreg_file \ +open failed with code %s\n",strerror(errno))); + return False; + } + + *other_processes = False; + + while ((nb_read = read(smb_shm_processes_fd, &other_pid, sizeof(other_pid))) > 0) + { + if(other_pid) + { + if(process_exists(other_pid)) + *other_processes = True; + else { - if(process_exists(other_pid)) - *other_processes = True; - else - { - /* erase old pid */ - DEBUG(5,("smb_shm_register_process : erasing stale record for pid %d (seek_back = %.0f)\n", - (int)other_pid, (double)seek_back)); - other_pid = (pid_t)0; - erased_slot = sys_lseek(smb_shm_processes_fd, seek_back, SEEK_CUR); - write(smb_shm_processes_fd, &other_pid, sizeof(other_pid)); - if(free_slot < 0) - free_slot = erased_slot; - } + /* erase old pid */ + DEBUG(5,("smb_shm_register_process : erasing stale record \ +for pid %d (seek_back = %.0f)\n", (int)other_pid, 
(double)seek_back)); + other_pid = (pid_t)0; + if((erased_slot = sys_lseek(smb_shm_processes_fd, + seek_back, SEEK_CUR)) == -1) + { + DEBUG(0, ("ERROR smb_shm_register_process : sys_lseek failed \ +with error %s\n", strerror(errno))); + close(smb_shm_processes_fd); + return False; + } + + if(write(smb_shm_processes_fd, &other_pid, sizeof(other_pid)) == -1) + { + DEBUG(0, ("ERROR smb_shm_register_process : write failed \ +with error %s\n", strerror(errno))); + close(smb_shm_processes_fd); + return False; + } + + if(free_slot < 0) + free_slot = erased_slot; } - else - if(free_slot < 0) - free_slot = sys_lseek(smb_shm_processes_fd, seek_back, SEEK_CUR); - } - if (nb_read < 0) - { - DEBUG(0,("ERROR smb_shm_register_process : processreg_file read failed with code %s\n",strerror(errno))); + } + else + { + if(free_slot < 0) + { + if((free_slot = sys_lseek(smb_shm_processes_fd, + seek_back, SEEK_CUR))==-1) + { + DEBUG(0, ("ERROR smb_shm_register_process : sys_lseek \ +failed with error %s\n", strerror(errno))); + close(smb_shm_processes_fd); + return False; + } + } /* end if free_slot */ + } /* end else */ + } /* end if other_pid */ + + if (nb_read < 0) + { + DEBUG(0,("ERROR smb_shm_register_process : processreg_file read \ +failed with code %s\n",strerror(errno))); + close(smb_shm_processes_fd); + return False; + } + + if(free_slot < 0) + { + if((free_slot = sys_lseek(smb_shm_processes_fd, 0, SEEK_END)) == -1) + { + DEBUG(0,("ERROR smb_shm_register_process : sys_lseek failed with code %s\n",strerror(errno))); close(smb_shm_processes_fd); return False; - } - - if(free_slot < 0) - free_slot = sys_lseek(smb_shm_processes_fd, 0, SEEK_END); + } + } - DEBUG(5,("smb_shm_register_process : writing record for pid %d at offset %.0f\n", + DEBUG(5,("smb_shm_register_process : writing record for pid %d at offset %.0f\n", (int)pid, (double)free_slot)); - sys_lseek(smb_shm_processes_fd, free_slot, SEEK_SET); - if(write(smb_shm_processes_fd, &pid, sizeof(pid)) < 0) - { - DEBUG(0,("ERROR 
smb_shm_register_process : processreg_file write failed with code %s\n",strerror(errno))); - close(smb_shm_processes_fd); - return False; - } + if(sys_lseek(smb_shm_processes_fd, free_slot, SEEK_SET) == -1) + { + DEBUG(0,("ERROR smb_shm_register_process : sys_lseek failed with code %s\n",strerror(errno))); + close(smb_shm_processes_fd); + return False; + } - close(smb_shm_processes_fd); + if(write(smb_shm_processes_fd, &pid, sizeof(pid)) == -1) + { + DEBUG(0,("ERROR smb_shm_register_process : processreg_file write failed with code %s\n",strerror(errno))); + close(smb_shm_processes_fd); + return False; + } - return True; + close(smb_shm_processes_fd); + + return True; } static BOOL smb_shm_unregister_process(char *processreg_file, pid_t pid) 
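Review bot: The two new `write()` checks in smb_shm_register_process compare only against -1, so a short write of a pid record is treated as success and leaves a truncated entry in the registration file. Comparing against the record size closes that gap: `if(write(smb_shm_processes_fd, &pid, sizeof(pid)) != sizeof(pid))`, and likewise for the stale-record erase with `other_pid`. The read loop has the same weakness, since any `nb_read > 0` is handled as a full record even though `seek_back` assumes `sizeof(other_pid)` bytes were consumed. Separately, the trailing comment `/* end if other_pid */` sits on the brace that closes the `while` loop and would read better as `/* end while */`.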
@@ -754,136 +796,164 @@ static struct shmem_ops shmops = { ******************************************************************/ struct shmem_ops *smb_shm_open(int ronly) { - pstring file_name; - SMB_OFF_T filesize; - BOOL created_new = False; - BOOL other_processes = True; - SMB_OFF_T size = (SMB_OFF_T)lp_shmem_size(); - - read_only = ronly; + pstring file_name; + SMB_OFF_T filesize; + BOOL created_new = False; + BOOL other_processes = True; + SMB_OFF_T size = (SMB_OFF_T)lp_shmem_size(); - pstrcpy(file_name,lp_lockdir()); - if (!directory_exist(file_name,NULL)) { - if (read_only) return NULL; - mkdir(file_name,0755); - } - trim_string(file_name,"","/"); - if (!*file_name) return(False); - pstrcat(file_name, "/SHARE_MEM_FILE"); - - DEBUG(5,("smb_shm_open : using shmem file %s to be of size %.0f\n",file_name,(double)size)); - - smb_shm_fd = open(file_name, read_only?O_RDONLY:(O_RDWR|O_CREAT), - SHM_FILE_MODE); + read_only = ronly; - if ( smb_shm_fd < 0 ) - { - DEBUG(0,("ERROR smb_shm_open : open failed with code %s\n",strerror(errno))); + pstrcpy(file_name,lp_lockdir()); + if (!directory_exist(file_name,NULL)) { + if (read_only) return NULL; - } - - if (!smb_shm_global_lock()) - { - DEBUG(0,("ERROR smb_shm_open : can't do smb_shm_global_lock\n")); - return NULL; - } - - if( (filesize = sys_lseek(smb_shm_fd, 0, SEEK_END)) < 0) - { - DEBUG(0,("ERROR smb_shm_open : lseek failed with code %s\n",strerror(errno))); - smb_shm_global_unlock(); - close(smb_shm_fd); - return NULL; - } - - /* return the file offset to 0 to save on later seeks */ - sys_lseek(smb_shm_fd,0,SEEK_SET); - - if (filesize == 0) - { - /* we just created a new one */ - created_new = True; - } - - /* to find out if some other process is already mapping the file, - we use a registration file containing the processids of the file mapping processes - */ - - /* construct processreg file name */ - pstrcpy(smb_shm_processreg_name, file_name); - pstrcat(smb_shm_processreg_name, ".processes"); - - if (!read_only 
&& - !smb_shm_register_process(smb_shm_processreg_name, getpid(), &other_processes)) - { + mkdir(file_name,0755); + } + trim_string(file_name,"","/"); + if (!*file_name) + return(False); + pstrcat(file_name, "/SHARE_MEM_FILE"); + + DEBUG(5,("smb_shm_open : using shmem file %s to be of size %.0f\n", + file_name,(double)size)); + + smb_shm_fd = open(file_name, read_only?O_RDONLY:(O_RDWR|O_CREAT), + SHM_FILE_MODE); + + if ( smb_shm_fd < 0 ) + { + DEBUG(0,("ERROR smb_shm_open : open failed with code %s\n",strerror(errno))); + return NULL; + } + + if (!smb_shm_global_lock()) + { + DEBUG(0,("ERROR smb_shm_open : can't do smb_shm_global_lock\n")); + return NULL; + } + + if( (filesize = sys_lseek(smb_shm_fd, 0, SEEK_END)) == -1) + { + DEBUG(0,("ERROR smb_shm_open : sys_lseek failed with code %s\n", + strerror(errno))); + smb_shm_global_unlock(); + close(smb_shm_fd); + return NULL; + } + + /* + * Return the file offset to 0 to save on later seeks. + */ + if(sys_lseek(smb_shm_fd,0,SEEK_SET) == -1) + { + DEBUG(0,("ERROR smb_shm_open : sys_lseek failed with code %s\n", + strerror(errno))); + smb_shm_global_unlock(); + close(smb_shm_fd); + return NULL; + } + + if (filesize == 0) + { + /* + * We just created a new one. + */ + created_new = True; + } + + /* + * To find out if some other process is already mapping the file, + * we use a registration file containing the processids of the file + * mapping processes. 
+ */ + + /* construct processreg file name */ + pstrcpy(smb_shm_processreg_name, file_name); + pstrcat(smb_shm_processreg_name, ".processes"); + + if (!read_only && !smb_shm_register_process(smb_shm_processreg_name, + getpid(), &other_processes)) + { + smb_shm_global_unlock(); + close(smb_shm_fd); + return NULL; + } + + if (!read_only && (created_new || !other_processes)) + { + /* we just created a new one, or are the first opener, lets set it size */ + if( sys_ftruncate(smb_shm_fd, size) <0) + { + DEBUG(0,("ERROR smb_shm_open : ftruncate failed with code %s\n", + strerror(errno))); + smb_shm_unregister_process(smb_shm_processreg_name, getpid()); smb_shm_global_unlock(); close(smb_shm_fd); return NULL; - } - - if (!read_only && (created_new || !other_processes)) - { - /* we just created a new one, or are the first opener, lets set it size */ - if( sys_ftruncate(smb_shm_fd, size) <0) - { - DEBUG(0,("ERROR smb_shm_open : ftruncate failed with code %s\n",strerror(errno))); - smb_shm_unregister_process(smb_shm_processreg_name, getpid()); - smb_shm_global_unlock(); - close(smb_shm_fd); - return NULL; - } - - /* paranoia */ - sys_lseek(smb_shm_fd,0,SEEK_SET); - - filesize = size; - } - - if (size != filesize ) - { - /* the existing file has a different size and we are not the first opener. - Since another process is still using it, we will use the file size */ - DEBUG(0,("WARNING smb_shm_open : filesize (%.0f) != expected size (%.0f), using filesize\n", - (double)filesize, (double)size)); + } - size = filesize; - } - - smb_shm_header_p = (struct SmbShmHeader *)mmap(NULL, size, - read_only?PROT_READ: - (PROT_READ | PROT_WRITE), - MAP_FILE | MAP_SHARED, - smb_shm_fd, 0); - /* WARNING, smb_shm_header_p can be different for different processes mapping the same file ! 
*/ - if (smb_shm_header_p == (struct SmbShmHeader *)(-1)) - { - DEBUG(0,("ERROR smb_shm_open : mmap failed with code %s\n",strerror(errno))); + /* paranoia */ + if(sys_lseek(smb_shm_fd,0,SEEK_SET) == -1) + { + DEBUG(0,("ERROR smb_shm_open : sys_lseek failed with code %s\n", + strerror(errno))); smb_shm_unregister_process(smb_shm_processreg_name, getpid()); smb_shm_global_unlock(); close(smb_shm_fd); return NULL; - } + } + + filesize = size; + } + + if (size != filesize ) + { + /* the existing file has a different size and we are not the first opener. + Since another process is still using it, we will use the file size */ + DEBUG(0,("WARNING smb_shm_open : filesize (%.0f) != expected \ +size (%.0f), using filesize\n", (double)filesize, (double)size)); + + size = filesize; + } + + smb_shm_header_p = (struct SmbShmHeader *)mmap(NULL, size, + read_only?PROT_READ: (PROT_READ | PROT_WRITE), + MAP_FILE | MAP_SHARED, smb_shm_fd, 0); + + /* + * WARNING, smb_shm_header_p can be different for different + * processes mapping the same file ! + */ + if (smb_shm_header_p == (struct SmbShmHeader *)(-1)) + { + DEBUG(0,("ERROR smb_shm_open : mmap failed with code %s\n",strerror(errno))); + smb_shm_unregister_process(smb_shm_processreg_name, getpid()); + smb_shm_global_unlock(); + close(smb_shm_fd); + return NULL; + } - if (!read_only && (created_new || !other_processes)) - { - smb_shm_initialize(size); - /* Create the hash buckets for the share file entries. 
*/ - smb_shm_create_hash_table(SHMEM_HASH_SIZE); - } - else if (!smb_shm_validate_header(size) ) - { - /* existing file is corrupt, samba admin should remove it by hand */ - DEBUG(0,("ERROR smb_shm_open : corrupt shared mem file, remove it manually\n")); - munmap((caddr_t)smb_shm_header_p, size); - smb_shm_unregister_process(smb_shm_processreg_name, getpid()); - smb_shm_global_unlock(); - close(smb_shm_fd); - return NULL; - } + if (!read_only && (created_new || !other_processes)) + { + smb_shm_initialize(size); + /* Create the hash buckets for the share file entries. */ + smb_shm_create_hash_table(SHMEM_HASH_SIZE); + } + else if (!smb_shm_validate_header(size) ) + { + /* existing file is corrupt, samba admin should remove it by hand */ + DEBUG(0,("ERROR smb_shm_open : corrupt shared mem file, remove it manually\n")); + munmap((caddr_t)smb_shm_header_p, size); + smb_shm_unregister_process(smb_shm_processreg_name, getpid()); + smb_shm_global_unlock(); + close(smb_shm_fd); + return NULL; + } - smb_shm_global_unlock(); - return &shmops; + smb_shm_global_unlock(); + return &shmops; } diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index 0170fa54972..af74e40f6a5 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -166,7 +166,11 @@ BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOO } if (Clear && crec.pid && !process_exists(crec.pid)) { - sys_lseek(fd,i*sizeof(crec),SEEK_SET); + if(sys_lseek(fd,i*sizeof(crec),SEEK_SET) != i*sizeof(crec)) { + DEBUG(0,("claim_connection: ERROR: sys_lseek failed to seek \ +to %d\n", i*sizeof(crec) )); + continue; + } bzero((void *)&crec,sizeof(crec)); write(fd, &crec,sizeof(crec)); if (foundi < 0) foundi = i; diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c index ebc4544a769..c7ffb6412dd 100644 --- a/source3/smbd/fileio.c +++ b/source3/smbd/fileio.c 
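Review bot: The `smb_shm_global_lock()` failure branch in smb_shm_open returns NULL without closing `smb_shm_fd`, while every other error path after the open (including the seek checks added here) closes it. Adding `close(smb_shm_fd);` before that `return NULL;` keeps the descriptor from leaking on a failed lock. Two smaller points in the same re-indented block: `mkdir(file_name,0755)` is still unchecked, and `return(False);` in a function returning `struct shmem_ops *` should be `return NULL;`.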
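Review bot: The new DEBUG in claim_connection passes `i*sizeof(crec)` to `%d`; that expression has type size_t, so the format and argument disagree wherever size_t is wider than int. Casting makes it well defined: `to %d\n", (int)(i*sizeof(crec)) ));`. The `write(fd, &crec,sizeof(crec))` that follows the checked seek is still unchecked, so a failed clear leaves the stale record in place while `foundi` is set to that slot. The function body extends beyond the hunk.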
@@ -31,11 +31,20 @@ seek a file. Try to avoid the seek if possible SMB_OFF_T seek_file(files_struct *fsp,SMB_OFF_T pos) { SMB_OFF_T offset = 0; + SMB_OFF_T seek_ret; if (fsp->print_file && lp_postscript(fsp->conn->service)) offset = 3; - fsp->pos = (sys_lseek(fsp->fd_ptr->fd,pos+offset,SEEK_SET) - offset); + seek_ret = sys_lseek(fsp->fd_ptr->fd,pos+offset,SEEK_SET); + + if((seek_ret == -1) || (seek_ret != pos+offset)) { + DEBUG(0,("seek_file: sys_lseek failed. Error was %s\n", strerror(errno) )); + fsp->pos = -1; + return -1; + } + + fsp->pos = seek_ret - offset; DEBUG(10,("seek_file: requested pos = %.0f, new pos = %.0f\n", (double)(pos+offset), (double)fsp->pos )); @@ -75,7 +84,7 @@ ssize_t read_file(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n) } #endif - if (seek_file(fsp,pos) != pos) { + if (seek_file(fsp,pos) == -1) { DEBUG(3,("read_file: Failed to seek to %.0f\n",(double)pos)); return(ret); } diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index d801ce4a630..bcb408c2a69 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1844,6 +1844,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s #if UNSAFE_READRAW { + BOOL seek_fail = False; int predict=0; _smb_setlen(header,nread); @@ -1852,11 +1853,18 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s predict = read_predict(fsp->fd_ptr->fd,startpos,header+4,NULL,nread); #endif /* USE_READ_PREDICTION */ - if ((nread-predict) > 0) - seek_file(fsp,startpos + predict); - - ret = (ssize_t)transfer_file(fsp->fd_ptr->fd,Client,(SMB_OFF_T)(nread-predict),header,4+predict, - startpos+predict); + if ((nread-predict) > 0) { + if(seek_file(fsp,startpos + predict) == -1) { + DEBUG(0,("reply_readbraw: ERROR: seek_file failed.\n")); + ret = 0; + seek_fail = True; + } + } + + if(!seek_fail) + ret = (ssize_t)transfer_file(fsp->fd_ptr->fd,Client, + (SMB_OFF_T)(nread-predict),header,4+predict, + startpos+predict); } if (ret != nread+4) 
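Review bot: In seek_file the failure branch prints `strerror(errno)` even when `sys_lseek` succeeded but returned an offset other than `pos+offset`, in which case errno was not set by this call and the message is misleading; logging the requested and returned offsets would be more useful. The branch also logs at level 0, and `pos` appears to come from the request in the reply.c callers, so a client sending unseekable offsets could fill the log; a higher debug level would be safer if that holds. The header comment should state that the function now returns -1 and sets `fsp->pos` to -1 on failure.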
@@ -2065,8 +2073,10 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int dum_s if (is_locked(fsp,conn,tcount,startpos, F_WRLCK)) return(ERROR(ERRDOS,ERRlock)); - if (seek_file(fsp,startpos) != startpos) + if (seek_file(fsp,startpos) == -1) { DEBUG(0,("couldn't seek to %.0f in writebraw\n",(double)startpos)); + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } if (numtowrite>0) nwritten = write_file(fsp,data,numtowrite); @@ -2153,7 +2163,8 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, int dum if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK)) return(ERROR(ERRDOS,ERRlock)); - seek_file(fsp,startpos); + if(seek_file(fsp,startpos) == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); /* The special X/Open SMB protocol handling of zero length writes is *NOT* done for @@ -2205,7 +2216,8 @@ int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int dum_size,i if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK)) return(ERROR(ERRDOS,ERRlock)); - seek_file(fsp,startpos); + if(seek_file(fsp,startpos) == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); /* X/Open SMB protocol says that if smb_vwv1 is zero then the file size should be extended or @@ -2272,7 +2284,8 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK)) return(ERROR(ERRDOS,ERRlock)); - seek_file(fsp,startpos); + if(seek_file(fsp,startpos) == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); /* X/Open SMB protocol says that, unlike SMBwrite if the length is zero then NO truncation is @@ -2331,7 +2344,9 @@ int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, umode = SEEK_SET; break; } - res = sys_lseek(fsp->fd_ptr->fd,startpos,umode); + if((res = sys_lseek(fsp->fd_ptr->fd,startpos,umode)) == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + fsp->pos = res; outsize = set_message(outbuf,2,0,True); 
@@ -2469,7 +2484,8 @@ int reply_writeclose(connection_struct *conn, if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK)) return(ERROR(ERRDOS,ERRlock)); - seek_file(fsp,startpos); + if(seek_file(fsp,startpos) == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); nwritten = write_file(fsp,data,numtowrite); @@ -3312,7 +3328,7 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun, { int Access,action; SMB_STRUCT_STAT st; - int ret=0; + int ret=-1; files_struct *fsp1,*fsp2; pstring dest; @@ -3357,7 +3373,15 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun, } if ((ofun&3) == 1) { - sys_lseek(fsp2->fd_ptr->fd,0,SEEK_END); + if(sys_lseek(fsp2->fd_ptr->fd,0,SEEK_END) == -1) { + DEBUG(0,("copy_file: error - sys_lseek returned error %s\n", + strerror(errno) )); + /* + * Stop the copy from occurring. + */ + ret = -1; + st.st_size = 0; + } } if (st.st_size) @@ -3807,7 +3831,9 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int dum_s if (is_locked(fsp,conn,tcount,startpos,F_WRLCK)) return(ERROR(ERRDOS,ERRlock)); - seek_file(fsp,startpos); + if(seek_file(fsp,startpos) == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); + nwritten = write_file(fsp,data,numtowrite); if(lp_syncalways(SNUM(conn)) || write_through) @@ -3909,7 +3935,18 @@ int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz if(wbms->wr_discard) return -1; /* Just discard the packet */ - seek_file(fsp,startpos); + if(seek_file(fsp,startpos) == -1) + { + if(write_through) + { + /* We are returning an error - we can delete the aux struct */ + if (wbms) free((char *)wbms); + fsp->wbmpx_ptr = NULL; + return(UNIXERROR(ERRDOS,ERRnoaccess)); + } + return(CACHE_ERROR(wbms,ERRDOS,ERRnoaccess)); + } + nwritten = write_file(fsp,data,numtowrite); if(lp_syncalways(SNUM(conn)) || write_through) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index f9186115f56..62bfb612e5a 100644 --- a/source3/smbd/trans2.c 
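Review bot: With `ret` now initialised to -1 in copy_file, a zero-length source file skips `transfer_file` under `if (st.st_size)` and leaves `ret` at -1. The function's return statement is outside these hunks; if it compares `ret` with `st.st_size`, copying an empty file would now be reported as a failure, so that case needs `ret = 0` when the size is zero or a separate failure flag. The seek-failure branch in the `@@ -3357` hunk relies on the same comparison by forcing `st.st_size = 0`, which overloads the stat result as an error flag; its `ret = -1;` is redundant after the new initialiser.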
+++ b/source3/smbd/trans2.c @@ -1253,7 +1253,8 @@ static int call_trans2qfilepathinfo(connection_struct *conn, DEBUG(3,("fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno))); return(UNIXERROR(ERRDOS,ERRbadfid)); } - pos = sys_lseek(fsp->fd_ptr->fd,0,SEEK_CUR); + if((pos = sys_lseek(fsp->fd_ptr->fd,0,SEEK_CUR)) == -1) + return(UNIXERROR(ERRDOS,ERRnoaccess)); } else { /* qpathinfo */ info_level = SVAL(params,0); |