From 50ed940451e9d009f19e735074f8fcdb503f5c25 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 19 Aug 1996 13:54:58 +0000
Subject: fix a bug in the new chaining code
---
 source/smbd/server.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
(limited to 'source')
diff --git a/source/smbd/server.c b/source/smbd/server.c
index c3776845361..1fb6358794a 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -3225,7 +3225,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 {
 static char *orig_inbuf;
 static char *orig_outbuf;
- int smb_com2 = CVAL(inbuf,smb_vwv0);
+ int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
 unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
 char *inbuf2, *outbuf2;
 int outsize2;
@@ -3260,15 +3260,18 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
 outbuf2 = orig_outbuf + SVAL(outbuf,smb_vwv1) + 4 - smb_wct;
+ /* remember the original command type */
+ smb_com1 = CVAL(orig_outbuf,smb_com);
+ /* save the data which will be overwritten by the new headers */
 memcpy(inbuf_saved,inbuf2,smb_wct);
 memcpy(outbuf_saved,outbuf2,smb_wct);
 /* give the new packet the same header as the first part of the SMB */
- memcpy(inbuf2,orig_inbuf,smb_wct);
+ memmove(inbuf2,orig_inbuf,smb_wct);
 /* create the in buffer */
- CVAL(outbuf2,smb_com) = smb_com2;
+ CVAL(inbuf2,smb_com) = smb_com2;
 /* create the out buffer */
 bzero(outbuf2,smb_size);
@@ -3296,9 +3299,8 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 /* copy the new reply header over the old one, but preserve the smb_com field */
- smb_com2 = CVAL(orig_outbuf,smb_com);
 memmove(orig_outbuf,outbuf2,smb_wct);
- CVAL(orig_outbuf,smb_com) = smb_com2;
+ CVAL(orig_outbuf,smb_com) = smb_com1;
 /* restore the saved data, being careful not to overwrite any data from the reply header */
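Review bot: In the `@@ -3260,15 +3260,18 @@` hunk, `inbuf2` is computed from `smb_off2`, a 16-bit value taken from the request with `SVAL(inbuf,smb_vwv1)`, and no comparison against `size` is visible before `memmove(inbuf2,orig_inbuf,smb_wct)` and `CVAL(inbuf2,smb_com) = smb_com2` write through it. The same applies to `outbuf2`, which `bzero(outbuf2,smb_size)` clears with no visible check against `bufsize`. Unless a guard sits in the part of chain_reply between this hunk and the previous one, an out-of-range chain offset puts these writes outside the packet buffers. Assuming `size` is the length of the received request, I would reject the chain before the pointer arithmetic with a test such as `if (smb_off2 + 4 < smb_wct || smb_off2 + 4 - smb_wct + smb_size > (unsigned)size)`, plus the matching test of the output offset against `bufsize`. The function body starts and ends outside this hunk, so any existing check has to be confirmed there.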
@@ -3309,7 +3311,7 @@ int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
 memmove(outbuf2+ofs,outbuf_saved+ofs,smb_wct-ofs);
 }
- return(outsize2 + chain_size);
+ return outsize2;
 }
@@ -3351,6 +3353,8 @@ int construct_reply(char *inbuf,char *outbuf,int size,int bufsize)
 outsize = switch_message(type,inbuf,outbuf,size,bufsize);
+ outsize += chain_size;
+ if(outsize > 4) smb_setlen(outbuf,outsize - 4);
 return(outsize);
-- cgit
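Review bot: In the `@@ -3351,6 +3353,8 @@` hunk, `outsize += chain_size;` is applied to whatever switch_message() returned, ahead of the `if(outsize > 4)` test, so a zero or negative return (if switch_message uses one to mean "no reply" or an error) turns into a positive length whenever chain_size is non-zero. The sum then goes to `smb_setlen(outbuf,outsize - 4)` with no visible comparison against `bufsize`, so the total length of a chained reply is not bounded at this point. I would add the chain length only to a real reply, `if (outsize > 0) outsize += chain_size;`, and check the result against `bufsize` before setting the length. The companion change `return outsize2;` in the `@@ -3309,7 +3311,7 @@` hunk depends on construct_reply being the only place that adds chain_size, which deserves a one-line comment next to that return. Both function bodies extend beyond the hunks shown.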