summaryrefslogtreecommitdiffstats
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-10-18 22:06:35 +0000
committerJeremy Allison <jra@samba.org>1998-10-18 22:06:35 +0000
commitb8aec499dc49b1d86d9f44296e07d40232813642 (patch)
tree014e4b1eaa634570a351bec6e1baad272f37fc07 /source3
parent691e2f245c7ac01b027e7300aa7fd2b1ccc90876 (diff)
downloadsamba-b8aec499dc49b1d86d9f44296e07d40232813642.tar.gz
samba-b8aec499dc49b1d86d9f44296e07d40232813642.tar.xz
samba-b8aec499dc49b1d86d9f44296e07d40232813642.zip
Fixed sys_lseek and seek_file calls so all returns
are *checked* :-). Jeremy. (This used to be commit b8b781191dd7d28944d87eec5fa0fbef798e289b)
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/util.c5
-rw-r--r--source3/locking/shmem.c414
-rw-r--r--source3/smbd/connection.c6
-rw-r--r--source3/smbd/fileio.c13
-rw-r--r--source3/smbd/reply.c67
-rw-r--r--source3/smbd/trans2.c3
6 files changed, 315 insertions, 193 deletions
diff --git a/source3/lib/util.c b/source3/lib/util.c
index d0cb51f3caa..8660e22e577 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -3082,7 +3082,7 @@ int set_filelen(int fd, SMB_OFF_T len)
char c = 0;
SMB_OFF_T currpos = sys_lseek(fd, (SMB_OFF_T)0, SEEK_CUR);
- if(currpos < 0)
+ if(currpos == -1)
return -1;
/* Do an fstat to see if the file is longer than
the requested size (call ftruncate),
@@ -3105,7 +3105,8 @@ int set_filelen(int fd, SMB_OFF_T len)
if(write(fd, &c, 1)!=1)
return -1;
/* Seek to where we were */
- sys_lseek(fd, currpos, SEEK_SET);
+ if(sys_lseek(fd, currpos, SEEK_SET) != currpos)
+ return -1;
return 0;
#endif
}
diff --git a/source3/locking/shmem.c b/source3/locking/shmem.c
index b63db1f168d..2a4e4de129a 100644
--- a/source3/locking/shmem.c
+++ b/source3/locking/shmem.c
@@ -311,71 +311,113 @@ static BOOL smb_shm_create_hash_table( unsigned int size )
static BOOL smb_shm_register_process(char *processreg_file, pid_t pid, BOOL *other_processes)
{
- int smb_shm_processes_fd = -1;
- int nb_read;
- pid_t other_pid;
- SMB_OFF_T seek_back = -((SMB_OFF_T)sizeof(other_pid));
- SMB_OFF_T free_slot = -1;
- SMB_OFF_T erased_slot;
-
- smb_shm_processes_fd = open(processreg_file,
- read_only?O_RDONLY:(O_RDWR|O_CREAT),
- SHM_FILE_MODE);
-
- if ( smb_shm_processes_fd < 0 )
- {
- DEBUG(0,("ERROR smb_shm_register_process : processreg_file open failed with code %s\n",strerror(errno)));
- return False;
- }
-
- *other_processes = False;
-
- while ((nb_read = read(smb_shm_processes_fd, &other_pid, sizeof(other_pid))) > 0)
- {
- if(other_pid)
+ int smb_shm_processes_fd = -1;
+ int nb_read;
+ pid_t other_pid;
+ SMB_OFF_T seek_back = -((SMB_OFF_T)sizeof(other_pid));
+ SMB_OFF_T free_slot = -1;
+ SMB_OFF_T erased_slot;
+
+ smb_shm_processes_fd = open(processreg_file,
+ read_only?O_RDONLY:(O_RDWR|O_CREAT),
+ SHM_FILE_MODE);
+
+ if ( smb_shm_processes_fd < 0 )
+ {
+ DEBUG(0, ("ERROR smb_shm_register_process : processreg_file \
+open failed with code %s\n",strerror(errno)));
+ return False;
+ }
+
+ *other_processes = False;
+
+ while ((nb_read = read(smb_shm_processes_fd, &other_pid, sizeof(other_pid))) > 0)
+ {
+ if(other_pid)
+ {
+ if(process_exists(other_pid))
+ *other_processes = True;
+ else
{
- if(process_exists(other_pid))
- *other_processes = True;
- else
- {
- /* erase old pid */
- DEBUG(5,("smb_shm_register_process : erasing stale record for pid %d (seek_back = %.0f)\n",
- (int)other_pid, (double)seek_back));
- other_pid = (pid_t)0;
- erased_slot = sys_lseek(smb_shm_processes_fd, seek_back, SEEK_CUR);
- write(smb_shm_processes_fd, &other_pid, sizeof(other_pid));
- if(free_slot < 0)
- free_slot = erased_slot;
- }
+ /* erase old pid */
+ DEBUG(5,("smb_shm_register_process : erasing stale record \
+for pid %d (seek_back = %.0f)\n", (int)other_pid, (double)seek_back));
+ other_pid = (pid_t)0;
+ if((erased_slot = sys_lseek(smb_shm_processes_fd,
+ seek_back, SEEK_CUR)) == -1)
+ {
+ DEBUG(0, ("ERROR smb_shm_register_process : sys_lseek failed \
+with error %s\n", strerror(errno)));
+ close(smb_shm_processes_fd);
+ return False;
+ }
+
+ if(write(smb_shm_processes_fd, &other_pid, sizeof(other_pid)) == -1)
+ {
+ DEBUG(0, ("ERROR smb_shm_register_process : write failed \
+with error %s\n", strerror(errno)));
+ close(smb_shm_processes_fd);
+ return False;
+ }
+
+ if(free_slot < 0)
+ free_slot = erased_slot;
}
- else
- if(free_slot < 0)
- free_slot = sys_lseek(smb_shm_processes_fd, seek_back, SEEK_CUR);
- }
- if (nb_read < 0)
- {
- DEBUG(0,("ERROR smb_shm_register_process : processreg_file read failed with code %s\n",strerror(errno)));
+ }
+ else
+ {
+ if(free_slot < 0)
+ {
+ if((free_slot = sys_lseek(smb_shm_processes_fd,
+ seek_back, SEEK_CUR))==-1)
+ {
+ DEBUG(0, ("ERROR smb_shm_register_process : sys_lseek \
+failed with error %s\n", strerror(errno)));
+ close(smb_shm_processes_fd);
+ return False;
+ }
+ } /* end if free_slot */
+ } /* end else */
+ } /* end if other_pid */
+
+ if (nb_read < 0)
+ {
+ DEBUG(0,("ERROR smb_shm_register_process : processreg_file read \
+failed with code %s\n",strerror(errno)));
+ close(smb_shm_processes_fd);
+ return False;
+ }
+
+ if(free_slot < 0)
+ {
+ if((free_slot = sys_lseek(smb_shm_processes_fd, 0, SEEK_END)) == -1)
+ {
+ DEBUG(0,("ERROR smb_shm_register_process : sys_lseek failed with code %s\n",strerror(errno)));
close(smb_shm_processes_fd);
return False;
- }
-
- if(free_slot < 0)
- free_slot = sys_lseek(smb_shm_processes_fd, 0, SEEK_END);
+ }
+ }
- DEBUG(5,("smb_shm_register_process : writing record for pid %d at offset %.0f\n",
+ DEBUG(5,("smb_shm_register_process : writing record for pid %d at offset %.0f\n",
(int)pid, (double)free_slot));
- sys_lseek(smb_shm_processes_fd, free_slot, SEEK_SET);
- if(write(smb_shm_processes_fd, &pid, sizeof(pid)) < 0)
- {
- DEBUG(0,("ERROR smb_shm_register_process : processreg_file write failed with code %s\n",strerror(errno)));
- close(smb_shm_processes_fd);
- return False;
- }
+ if(sys_lseek(smb_shm_processes_fd, free_slot, SEEK_SET) == -1)
+ {
+ DEBUG(0,("ERROR smb_shm_register_process : sys_lseek failed with code %s\n",strerror(errno)));
+ close(smb_shm_processes_fd);
+ return False;
+ }
- close(smb_shm_processes_fd);
+ if(write(smb_shm_processes_fd, &pid, sizeof(pid)) == -1)
+ {
+ DEBUG(0,("ERROR smb_shm_register_process : processreg_file write failed with code %s\n",strerror(errno)));
+ close(smb_shm_processes_fd);
+ return False;
+ }
- return True;
+ close(smb_shm_processes_fd);
+
+ return True;
}
static BOOL smb_shm_unregister_process(char *processreg_file, pid_t pid)
@@ -754,136 +796,164 @@ static struct shmem_ops shmops = {
******************************************************************/
struct shmem_ops *smb_shm_open(int ronly)
{
- pstring file_name;
- SMB_OFF_T filesize;
- BOOL created_new = False;
- BOOL other_processes = True;
- SMB_OFF_T size = (SMB_OFF_T)lp_shmem_size();
-
- read_only = ronly;
+ pstring file_name;
+ SMB_OFF_T filesize;
+ BOOL created_new = False;
+ BOOL other_processes = True;
+ SMB_OFF_T size = (SMB_OFF_T)lp_shmem_size();
- pstrcpy(file_name,lp_lockdir());
- if (!directory_exist(file_name,NULL)) {
- if (read_only) return NULL;
- mkdir(file_name,0755);
- }
- trim_string(file_name,"","/");
- if (!*file_name) return(False);
- pstrcat(file_name, "/SHARE_MEM_FILE");
-
- DEBUG(5,("smb_shm_open : using shmem file %s to be of size %.0f\n",file_name,(double)size));
-
- smb_shm_fd = open(file_name, read_only?O_RDONLY:(O_RDWR|O_CREAT),
- SHM_FILE_MODE);
+ read_only = ronly;
- if ( smb_shm_fd < 0 )
- {
- DEBUG(0,("ERROR smb_shm_open : open failed with code %s\n",strerror(errno)));
+ pstrcpy(file_name,lp_lockdir());
+ if (!directory_exist(file_name,NULL)) {
+ if (read_only)
return NULL;
- }
-
- if (!smb_shm_global_lock())
- {
- DEBUG(0,("ERROR smb_shm_open : can't do smb_shm_global_lock\n"));
- return NULL;
- }
-
- if( (filesize = sys_lseek(smb_shm_fd, 0, SEEK_END)) < 0)
- {
- DEBUG(0,("ERROR smb_shm_open : lseek failed with code %s\n",strerror(errno)));
- smb_shm_global_unlock();
- close(smb_shm_fd);
- return NULL;
- }
-
- /* return the file offset to 0 to save on later seeks */
- sys_lseek(smb_shm_fd,0,SEEK_SET);
-
- if (filesize == 0)
- {
- /* we just created a new one */
- created_new = True;
- }
-
- /* to find out if some other process is already mapping the file,
- we use a registration file containing the processids of the file mapping processes
- */
-
- /* construct processreg file name */
- pstrcpy(smb_shm_processreg_name, file_name);
- pstrcat(smb_shm_processreg_name, ".processes");
-
- if (!read_only &&
- !smb_shm_register_process(smb_shm_processreg_name, getpid(), &other_processes))
- {
+ mkdir(file_name,0755);
+ }
+ trim_string(file_name,"","/");
+ if (!*file_name)
+ return(False);
+ pstrcat(file_name, "/SHARE_MEM_FILE");
+
+ DEBUG(5,("smb_shm_open : using shmem file %s to be of size %.0f\n",
+ file_name,(double)size));
+
+ smb_shm_fd = open(file_name, read_only?O_RDONLY:(O_RDWR|O_CREAT),
+ SHM_FILE_MODE);
+
+ if ( smb_shm_fd < 0 )
+ {
+ DEBUG(0,("ERROR smb_shm_open : open failed with code %s\n",strerror(errno)));
+ return NULL;
+ }
+
+ if (!smb_shm_global_lock())
+ {
+ DEBUG(0,("ERROR smb_shm_open : can't do smb_shm_global_lock\n"));
+ return NULL;
+ }
+
+ if( (filesize = sys_lseek(smb_shm_fd, 0, SEEK_END)) == -1)
+ {
+ DEBUG(0,("ERROR smb_shm_open : sys_lseek failed with code %s\n",
+ strerror(errno)));
+ smb_shm_global_unlock();
+ close(smb_shm_fd);
+ return NULL;
+ }
+
+ /*
+ * Return the file offset to 0 to save on later seeks.
+ */
+ if(sys_lseek(smb_shm_fd,0,SEEK_SET) == -1)
+ {
+ DEBUG(0,("ERROR smb_shm_open : sys_lseek failed with code %s\n",
+ strerror(errno)));
+ smb_shm_global_unlock();
+ close(smb_shm_fd);
+ return NULL;
+ }
+
+ if (filesize == 0)
+ {
+ /*
+ * We just created a new one.
+ */
+ created_new = True;
+ }
+
+ /*
+ * To find out if some other process is already mapping the file,
+ * we use a registration file containing the processids of the file
+ * mapping processes.
+ */
+
+ /* construct processreg file name */
+ pstrcpy(smb_shm_processreg_name, file_name);
+ pstrcat(smb_shm_processreg_name, ".processes");
+
+ if (!read_only && !smb_shm_register_process(smb_shm_processreg_name,
+ getpid(), &other_processes))
+ {
+ smb_shm_global_unlock();
+ close(smb_shm_fd);
+ return NULL;
+ }
+
+ if (!read_only && (created_new || !other_processes))
+ {
+ /* we just created a new one, or are the first opener, lets set it size */
+ if( sys_ftruncate(smb_shm_fd, size) <0)
+ {
+ DEBUG(0,("ERROR smb_shm_open : ftruncate failed with code %s\n",
+ strerror(errno)));
+ smb_shm_unregister_process(smb_shm_processreg_name, getpid());
smb_shm_global_unlock();
close(smb_shm_fd);
return NULL;
- }
-
- if (!read_only && (created_new || !other_processes))
- {
- /* we just created a new one, or are the first opener, lets set it size */
- if( sys_ftruncate(smb_shm_fd, size) <0)
- {
- DEBUG(0,("ERROR smb_shm_open : ftruncate failed with code %s\n",strerror(errno)));
- smb_shm_unregister_process(smb_shm_processreg_name, getpid());
- smb_shm_global_unlock();
- close(smb_shm_fd);
- return NULL;
- }
-
- /* paranoia */
- sys_lseek(smb_shm_fd,0,SEEK_SET);
-
- filesize = size;
- }
-
- if (size != filesize )
- {
- /* the existing file has a different size and we are not the first opener.
- Since another process is still using it, we will use the file size */
- DEBUG(0,("WARNING smb_shm_open : filesize (%.0f) != expected size (%.0f), using filesize\n",
- (double)filesize, (double)size));
+ }
- size = filesize;
- }
-
- smb_shm_header_p = (struct SmbShmHeader *)mmap(NULL, size,
- read_only?PROT_READ:
- (PROT_READ | PROT_WRITE),
- MAP_FILE | MAP_SHARED,
- smb_shm_fd, 0);
- /* WARNING, smb_shm_header_p can be different for different processes mapping the same file ! */
- if (smb_shm_header_p == (struct SmbShmHeader *)(-1))
- {
- DEBUG(0,("ERROR smb_shm_open : mmap failed with code %s\n",strerror(errno)));
+ /* paranoia */
+ if(sys_lseek(smb_shm_fd,0,SEEK_SET) == -1)
+ {
+ DEBUG(0,("ERROR smb_shm_open : sys_lseek failed with code %s\n",
+ strerror(errno)));
smb_shm_unregister_process(smb_shm_processreg_name, getpid());
smb_shm_global_unlock();
close(smb_shm_fd);
return NULL;
- }
+ }
+
+ filesize = size;
+ }
+
+ if (size != filesize )
+ {
+ /* the existing file has a different size and we are not the first opener.
+ Since another process is still using it, we will use the file size */
+ DEBUG(0,("WARNING smb_shm_open : filesize (%.0f) != expected \
+size (%.0f), using filesize\n", (double)filesize, (double)size));
+
+ size = filesize;
+ }
+
+ smb_shm_header_p = (struct SmbShmHeader *)mmap(NULL, size,
+ read_only?PROT_READ: (PROT_READ | PROT_WRITE),
+ MAP_FILE | MAP_SHARED, smb_shm_fd, 0);
+
+ /*
+ * WARNING, smb_shm_header_p can be different for different
+ * processes mapping the same file !
+ */
+ if (smb_shm_header_p == (struct SmbShmHeader *)(-1))
+ {
+ DEBUG(0,("ERROR smb_shm_open : mmap failed with code %s\n",strerror(errno)));
+ smb_shm_unregister_process(smb_shm_processreg_name, getpid());
+ smb_shm_global_unlock();
+ close(smb_shm_fd);
+ return NULL;
+ }
- if (!read_only && (created_new || !other_processes))
- {
- smb_shm_initialize(size);
- /* Create the hash buckets for the share file entries. */
- smb_shm_create_hash_table(SHMEM_HASH_SIZE);
- }
- else if (!smb_shm_validate_header(size) )
- {
- /* existing file is corrupt, samba admin should remove it by hand */
- DEBUG(0,("ERROR smb_shm_open : corrupt shared mem file, remove it manually\n"));
- munmap((caddr_t)smb_shm_header_p, size);
- smb_shm_unregister_process(smb_shm_processreg_name, getpid());
- smb_shm_global_unlock();
- close(smb_shm_fd);
- return NULL;
- }
+ if (!read_only && (created_new || !other_processes))
+ {
+ smb_shm_initialize(size);
+ /* Create the hash buckets for the share file entries. */
+ smb_shm_create_hash_table(SHMEM_HASH_SIZE);
+ }
+ else if (!smb_shm_validate_header(size) )
+ {
+ /* existing file is corrupt, samba admin should remove it by hand */
+ DEBUG(0,("ERROR smb_shm_open : corrupt shared mem file, remove it manually\n"));
+ munmap((caddr_t)smb_shm_header_p, size);
+ smb_shm_unregister_process(smb_shm_processreg_name, getpid());
+ smb_shm_global_unlock();
+ close(smb_shm_fd);
+ return NULL;
+ }
- smb_shm_global_unlock();
- return &shmops;
+ smb_shm_global_unlock();
+ return &shmops;
}
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 0170fa54972..af74e40f6a5 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -166,7 +166,11 @@ BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOO
}
if (Clear && crec.pid && !process_exists(crec.pid)) {
- sys_lseek(fd,i*sizeof(crec),SEEK_SET);
+ if(sys_lseek(fd,i*sizeof(crec),SEEK_SET) != i*sizeof(crec)) {
+ DEBUG(0,("claim_connection: ERROR: sys_lseek failed to seek \
+to %d\n", i*sizeof(crec) ));
+ continue;
+ }
bzero((void *)&crec,sizeof(crec));
write(fd, &crec,sizeof(crec));
if (foundi < 0) foundi = i;
diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
index ebc4544a769..c7ffb6412dd 100644
--- a/source3/smbd/fileio.c
+++ b/source3/smbd/fileio.c
@@ -31,11 +31,20 @@ seek a file. Try to avoid the seek if possible
SMB_OFF_T seek_file(files_struct *fsp,SMB_OFF_T pos)
{
SMB_OFF_T offset = 0;
+ SMB_OFF_T seek_ret;
if (fsp->print_file && lp_postscript(fsp->conn->service))
offset = 3;
- fsp->pos = (sys_lseek(fsp->fd_ptr->fd,pos+offset,SEEK_SET) - offset);
+ seek_ret = sys_lseek(fsp->fd_ptr->fd,pos+offset,SEEK_SET);
+
+ if((seek_ret == -1) || (seek_ret != pos+offset)) {
+ DEBUG(0,("seek_file: sys_lseek failed. Error was %s\n", strerror(errno) ));
+ fsp->pos = -1;
+ return -1;
+ }
+
+ fsp->pos = seek_ret - offset;
DEBUG(10,("seek_file: requested pos = %.0f, new pos = %.0f\n",
(double)(pos+offset), (double)fsp->pos ));
@@ -75,7 +84,7 @@ ssize_t read_file(files_struct *fsp,char *data,SMB_OFF_T pos,size_t n)
}
#endif
- if (seek_file(fsp,pos) != pos) {
+ if (seek_file(fsp,pos) == -1) {
DEBUG(3,("read_file: Failed to seek to %.0f\n",(double)pos));
return(ret);
}
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index d801ce4a630..bcb408c2a69 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1844,6 +1844,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
#if UNSAFE_READRAW
{
+ BOOL seek_fail = False;
int predict=0;
_smb_setlen(header,nread);
@@ -1852,11 +1853,18 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
predict = read_predict(fsp->fd_ptr->fd,startpos,header+4,NULL,nread);
#endif /* USE_READ_PREDICTION */
- if ((nread-predict) > 0)
- seek_file(fsp,startpos + predict);
-
- ret = (ssize_t)transfer_file(fsp->fd_ptr->fd,Client,(SMB_OFF_T)(nread-predict),header,4+predict,
- startpos+predict);
+ if ((nread-predict) > 0) {
+ if(seek_file(fsp,startpos + predict) == -1) {
+ DEBUG(0,("reply_readbraw: ERROR: seek_file failed.\n"));
+ ret = 0;
+ seek_fail = True;
+ }
+ }
+
+ if(!seek_fail)
+ ret = (ssize_t)transfer_file(fsp->fd_ptr->fd,Client,
+ (SMB_OFF_T)(nread-predict),header,4+predict,
+ startpos+predict);
}
if (ret != nread+4)
@@ -2065,8 +2073,10 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int dum_s
if (is_locked(fsp,conn,tcount,startpos, F_WRLCK))
return(ERROR(ERRDOS,ERRlock));
- if (seek_file(fsp,startpos) != startpos)
+ if (seek_file(fsp,startpos) == -1) {
DEBUG(0,("couldn't seek to %.0f in writebraw\n",(double)startpos));
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
+ }
if (numtowrite>0)
nwritten = write_file(fsp,data,numtowrite);
@@ -2153,7 +2163,8 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, int dum
if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
return(ERROR(ERRDOS,ERRlock));
- seek_file(fsp,startpos);
+ if(seek_file(fsp,startpos) == -1)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
/* The special X/Open SMB protocol handling of
zero length writes is *NOT* done for
@@ -2205,7 +2216,8 @@ int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int dum_size,i
if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
return(ERROR(ERRDOS,ERRlock));
- seek_file(fsp,startpos);
+ if(seek_file(fsp,startpos) == -1)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
/* X/Open SMB protocol says that if smb_vwv1 is
zero then the file size should be extended or
@@ -2272,7 +2284,8 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng
if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
return(ERROR(ERRDOS,ERRlock));
- seek_file(fsp,startpos);
+ if(seek_file(fsp,startpos) == -1)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
/* X/Open SMB protocol says that, unlike SMBwrite
if the length is zero then NO truncation is
@@ -2331,7 +2344,9 @@ int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
umode = SEEK_SET; break;
}
- res = sys_lseek(fsp->fd_ptr->fd,startpos,umode);
+ if((res = sys_lseek(fsp->fd_ptr->fd,startpos,umode)) == -1)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
+
fsp->pos = res;
outsize = set_message(outbuf,2,0,True);
@@ -2469,7 +2484,8 @@ int reply_writeclose(connection_struct *conn,
if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
return(ERROR(ERRDOS,ERRlock));
- seek_file(fsp,startpos);
+ if(seek_file(fsp,startpos) == -1)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
nwritten = write_file(fsp,data,numtowrite);
@@ -3312,7 +3328,7 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
{
int Access,action;
SMB_STRUCT_STAT st;
- int ret=0;
+ int ret=-1;
files_struct *fsp1,*fsp2;
pstring dest;
@@ -3357,7 +3373,15 @@ static BOOL copy_file(char *src,char *dest1,connection_struct *conn, int ofun,
}
if ((ofun&3) == 1) {
- sys_lseek(fsp2->fd_ptr->fd,0,SEEK_END);
+ if(sys_lseek(fsp2->fd_ptr->fd,0,SEEK_END) == -1) {
+ DEBUG(0,("copy_file: error - sys_lseek returned error %s\n",
+ strerror(errno) ));
+ /*
+ * Stop the copy from occurring.
+ */
+ ret = -1;
+ st.st_size = 0;
+ }
}
if (st.st_size)
@@ -3807,7 +3831,9 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int dum_s
if (is_locked(fsp,conn,tcount,startpos,F_WRLCK))
return(ERROR(ERRDOS,ERRlock));
- seek_file(fsp,startpos);
+ if(seek_file(fsp,startpos) == -1)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
+
nwritten = write_file(fsp,data,numtowrite);
if(lp_syncalways(SNUM(conn)) || write_through)
@@ -3909,7 +3935,18 @@ int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_siz
if(wbms->wr_discard)
return -1; /* Just discard the packet */
- seek_file(fsp,startpos);
+ if(seek_file(fsp,startpos) == -1)
+ {
+ if(write_through)
+ {
+ /* We are returning an error - we can delete the aux struct */
+ if (wbms) free((char *)wbms);
+ fsp->wbmpx_ptr = NULL;
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
+ }
+ return(CACHE_ERROR(wbms,ERRDOS,ERRnoaccess));
+ }
+
nwritten = write_file(fsp,data,numtowrite);
if(lp_syncalways(SNUM(conn)) || write_through)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f9186115f56..62bfb612e5a 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1253,7 +1253,8 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
DEBUG(3,("fstat of fnum %d failed (%s)\n",fsp->fnum, strerror(errno)));
return(UNIXERROR(ERRDOS,ERRbadfid));
}
- pos = sys_lseek(fsp->fd_ptr->fd,0,SEEK_CUR);
+ if((pos = sys_lseek(fsp->fd_ptr->fd,0,SEEK_CUR)) == -1)
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
} else {
/* qpathinfo */
info_level = SVAL(params,0);