From: Andrew Tridgell Date: Tue, 28 Dec 2004 23:28:02 +0000 (+0000) Subject: r4383: in order to cope with overfilled buffers on trans2 findfirst we need to use... X-Git-Tag: samba-4.0.0alpha6~801^3~12208 X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=0a1342f51ee11d1030a4932ee43feec821aa93bf;ds=sidebyside r4383: in order to cope with overfilled buffers on trans2 findfirst we need to use 32 bit offsets and lengths in trans2 fill code, even though the packets themselves can only use 16 bit lengths. This prevents the overflow detection code from failing due to 16 bit length wrap. (This used to be commit 5cd74c22e99bc78e1f3ddf3f098790c4b4b87b4f) --- diff --git a/source4/smb_server/trans2.c b/source4/smb_server/trans2.c index 2f2629a3ea0..8aa60daa6df 100644 --- a/source4/smb_server/trans2.c +++ b/source4/smb_server/trans2.c @@ -119,8 +119,8 @@ static size_t trans2_pull_blob_string(struct smbsrv_request *req, */ static size_t trans2_push_data_string(struct smbsrv_request *req, struct smb_trans2 *trans, - uint16_t len_offset, - uint16_t offset, + uint32_t len_offset, + uint32_t offset, const WIRE_STRING *str, int dest_len, int flags) @@ -193,7 +193,7 @@ static void trans2_append_data_string(struct smbsrv_request *req, int flags) { size_t ret; - uint16_t offset; + uint32_t offset; const int max_bytes_per_char = 3; offset = trans->out.data.length; @@ -718,7 +718,7 @@ static NTSTATUS trans2_fileinfo_fill(struct smbsrv_request *req, struct smb_tran SSVAL(trans->out.params.data, 0, 0); for (i=0;istream_info.out.num_streams;i++) { - uint16_t data_size = trans->out.data.length; + uint32_t data_size = trans->out.data.length; uint8_t *data; trans2_grow_data(req, trans, data_size + 24); @@ -1277,7 +1277,8 @@ static NTSTATUS trans2_findfirst(struct smbsrv_request *req, struct smb_trans2 * } } - /* setup the private state structure that the backend will give us in the callback */ + /* setup the private state structure that the backend will + give us in the callback */ state.req = req; state.trans = trans; state.level = search.t2ffirst.level;