diff options
| author | Jeremy Allison <jra@samba.org> | 2007-12-04 12:53:21 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2007-12-04 12:53:21 -0800 |
| commit | f04e37a630f8e7538d670d34db4ea7fc7c0b50a3 (patch) | |
| tree | 5d2bbe16cc9510bb540adbe39da0ac1dc10e1e03 /source | |
| parent | f1555f4f0d66e57fd19f200f842e4d05527accd5 (diff) | |
| download | samba-f04e37a630f8e7538d670d34db4ea7fc7c0b50a3.tar.gz samba-f04e37a630f8e7538d670d34db4ea7fc7c0b50a3.tar.xz samba-f04e37a630f8e7538d670d34db4ea7fc7c0b50a3.zip | |
Fix crash bug with vl's new trans handling in old transs
calls. Make this look like the (working) transs2 handling
(replace inbuf, not write to outbuf - outbuf isn't allocated
yet so you get a null deref).
Jeremy.
Diffstat (limited to 'source')
| -rw-r--r-- | source/smbd/ipc.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index 0360417c564..eed293d50d4 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -752,7 +752,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req) goto bad_param; memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + dcnt); } if ((state->received_param < state->total_param) || @@ -761,10 +761,11 @@ void reply_transs(connection_struct *conn, struct smb_request *req) return; } - /* construct_reply_common has done us the favor to pre-fill the - * command field with SMBtranss which is wrong :-) - */ - SCVAL(req->outbuf,smb_com,SMBtrans); + /* + * construct_reply_common will copy smb_com from inbuf to + * outbuf. SMBtranss is wrong here. + */ + SCVAL(req->inbuf,smb_com,SMBtrans); handle_trans(conn, req, state); |