Fix crash bug with vl's new trans handling in old transs

calls. Make this look like the (working) transs2 handling
(replace inbuf, not write to outbuf - outbuf isn't allocated
yet so you get a null deref).
Jeremy.
(This used to be commit f04e37a630f8e7538d670d34db4ea7fc7c0b50a3)

diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 0360417c564e24e4d80b7cb95e8ff6a9d75f413e..eed293d50d41c51e7e655b84469404641d20c062 100644 (file)
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -752,7 +752,7 @@ void reply_transs(connection_struct *conn, struct smb_request *req)
                        goto bad_param;
 
                memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,
-                      dcnt);      
+                      dcnt);
        }
 
        if ((state->received_param < state->total_param) ||
@@ -761,10 +761,11 @@ void reply_transs(connection_struct *conn, struct smb_request *req)
                return;
        }
 
-       /* construct_reply_common has done us the favor to pre-fill the
-        * command field with SMBtranss which is wrong :-)
-        */
-       SCVAL(req->outbuf,smb_com,SMBtrans);
+        /*
+        * construct_reply_common will copy smb_com from inbuf to
+        * outbuf. SMBtranss is wrong here.
+         */
+        SCVAL(req->inbuf,smb_com,SMBtrans);
 
        handle_trans(conn, req, state);