/* The following is safe from integer wrap as we've already checked
smb_maxcnt is 128k or less. Wct is 12 for read replies */
- bufsize = smb_size + 12 * 2 + smb_maxcnt;
+ bufsize = smb_size + 12 * 2 + smb_maxcnt + 1 /* padding byte */;
if ((aio_ex = create_aio_extra(NULL, fsp, bufsize)) == NULL) {
DEBUG(10,("schedule_aio_read_and_X: malloc fail.\n"));
construct_reply_common_req(smbreq, (char *)aio_ex->outbuf.data);
srv_set_message((char *)aio_ex->outbuf.data, 12, 0, True);
SCVAL(aio_ex->outbuf.data,smb_vwv0,0xFF); /* Never a chained reply. */
+ SCVAL(smb_buf(aio_ex->outbuf.data), 0, 0); /* padding byte */
init_strict_lock_struct(fsp, (uint64_t)smbreq->smbpid,
(uint64_t)startpos, (uint64_t)smb_maxcnt, READ_LOCK,
aio_ex->offset = startpos;
req = SMB_VFS_PREAD_SEND(aio_ex, fsp->conn->sconn->ev_ctx,
- fsp, smb_buf(aio_ex->outbuf.data),
+ fsp,
+ smb_buf(aio_ex->outbuf.data) + 1 /* pad */,
smb_maxcnt, startpos);
if (req == NULL) {
DEBUG(0,("schedule_aio_read_and_X: aio_read failed. "
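Review bot: The read destination `smb_buf(aio_ex->outbuf.data) + 1` with length `smb_maxcnt` stays in bounds only because `bufsize` gained the same `+ 1` in an earlier hunk, and nothing ties the two together beyond a repeated literal and comment. The same `1 /* padding byte */` recurs at the `reply_outbuf()` calls, both `headerbuf` declarations, the `srv_set_message()` lengths and `_smb_setlen_large()`, so a site missed in a later edit becomes a one-byte overrun or a wrong wire length. A single named constant shared by the allocation, the write offset and the length, for example `#define READX_PAD_LEN 1` (the name is only a suggestion), would keep them in step. The enclosing function starts and ends outside this hunk.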
files_struct *fsp = aio_ex->fsp;
int outsize;
char *outbuf = (char *)aio_ex->outbuf.data;
- char *data = smb_buf(outbuf);
+ char *data = smb_buf(outbuf) + 1 /* padding byte */;
ssize_t nread;
int err;
ERROR_NT(map_nt_error_from_unix(err));
outsize = srv_set_message(outbuf,0,0,true);
} else {
- outsize = srv_set_message(outbuf, 12, nread, False);
+ outsize = srv_set_message(outbuf, 12,
+ nread + 1 /* padding byte */, false);
SSVAL(outbuf,smb_vwv2, 0xFFFF); /* Remaining - must be * -1. */
SSVAL(outbuf,smb_vwv5, nread);
SSVAL(outbuf,smb_vwv6, smb_offset(data,outbuf));
state->smb_maxcnt = SVAL(req->vwv+5, 0);
state->smb_mincnt = SVAL(req->vwv+6, 0);
- reply_outbuf(req, 12, state->smb_maxcnt);
+ reply_outbuf(req, 12, state->smb_maxcnt + 1 /* padding byte */);
SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
+ SCVAL(smb_buf(req->outbuf), 0, 0); /* padding byte */
- data = (uint8_t *)smb_buf(req->outbuf);
+ data = (uint8_t *)smb_buf(req->outbuf) + 1 /* padding byte */;
/*
* We have to tell the upper layers that we're async.
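Review bot: `state->smb_maxcnt` is filled with `SVAL`, so it can be 0xFFFF, and `state->smb_maxcnt + 1` in the `reply_outbuf()` call then asks for 0x10000 data bytes; the matching `nread + 1` is passed to `srv_set_message()` in the completion hunk. If the byte-count field written there is 16 bits wide, as is usual for SMB1, a full-size pipe read would store 0 in it; this cannot be confirmed from the visible lines. It would help to state the intended behaviour next to the call, e.g. `/* smb_maxcnt is 16-bit: +1 can make num_bytes 0x10000, see bcc handling */`, or to cap the request so data plus pad still fits. The function body continues outside the hunk.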
req->outbuf = state->outbuf;
state->outbuf = NULL;
- srv_set_message((char *)req->outbuf, 12, nread, False);
+ srv_set_message((char *)req->outbuf, 12, nread + 1 /* padding byte */,
+ false);
#if 0
/*
(smb_wct - 4) /* offset from smb header to wct */
+ 1 /* the wct field */
+ 12 * sizeof(uint16_t) /* vwv */
- + 2); /* the buflen field */
+ + 2 /* the buflen field */
+ + 1); /* padding byte */
SSVAL(req->outbuf,smb_vwv11,state->smb_maxcnt);
DEBUG(3,("readX-IPC min=%d max=%d nread=%d\n",
bytes_addr = outbuf + ofs /* vwv start */
+ sizeof(uint16_t) * wct /* vwv array */
- + sizeof(uint16_t); /* bcc */
+ + sizeof(uint16_t) /* bcc */
+ + 1; /* padding byte */
SSVAL(outbuf + ofs, 6 * sizeof(uint16_t),
bytes_addr - outbuf - 4);
{
int outsize;
- outsize = srv_set_message(outbuf,12,smb_maxcnt,False);
+ outsize = srv_set_message(outbuf,12,smb_maxcnt + 1 /* padding byte */,
+ False);
memset(outbuf+smb_vwv0,'\0',24); /* valgrind init. */
(smb_wct - 4) /* offset from smb header to wct */
+ 1 /* the wct field */
+ 12 * sizeof(uint16_t) /* vwv */
- + 2); /* the buflen field */
+ + 2 /* the buflen field */
+ + 1); /* padding byte */
SSVAL(outbuf,smb_vwv7,(smb_maxcnt >> 16));
SSVAL(outbuf,smb_vwv11,smb_maxcnt);
+ SCVAL(smb_buf(outbuf), 0, 0); /* padding byte */
/* Reset the outgoing length, set_message truncates at 0x1FFFF. */
- _smb_setlen_large(outbuf,(smb_size + 12*2 + smb_maxcnt - 4));
+ _smb_setlen_large(outbuf,
+ smb_size + 12*2 + smb_maxcnt - 4 + 1 /* pad */);
return outsize;
}
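Review bot: `SCVAL(smb_buf(outbuf), 0, 0)` stores to the first byte after the 12-word header, so this helper now needs `outbuf` to hold at least `smb_size + 12*2 + 1` bytes, yet it receives no length to check that against. The two `headerbuf` declarations are enlarged elsewhere in this diff, but any other caller still passing an array of the old `smb_size + 12*2` size would be written one byte past its end. A comment above the function would make the contract visible: `/* outbuf must be at least smb_size + 12*2 + 1 bytes: the padding byte is written here */`. The function's signature is outside the hunk, so whether other callers exist cannot be checked from here.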
(fsp->base_fsp == NULL) &&
(fsp->wcp == NULL) &&
lp_use_sendfile(SNUM(conn), xconn->smb1.signing_state) ) {
- uint8 headerbuf[smb_size + 12 * 2];
+ uint8 headerbuf[smb_size + 12 * 2 + 1 /* padding byte */];
DATA_BLOB header;
if(fsp_stat(fsp) == -1) {
normal_read:
if ((smb_maxcnt & 0xFF0000) > 0x10000) {
- uint8 headerbuf[smb_size + 2*12];
+ uint8 headerbuf[smb_size + 2*12 + 1 /* padding byte */];
ssize_t ret;
construct_reply_common_req(req, (char *)headerbuf);
nosendfile_read:
- reply_outbuf(req, 12, smb_maxcnt);
+ reply_outbuf(req, 12, smb_maxcnt + 1 /* padding byte */);
SSVAL(req->outbuf, smb_vwv0, 0xff); /* andx chain ends */
SSVAL(req->outbuf, smb_vwv1, 0); /* no andx offset */
- nread = read_file(fsp, smb_buf(req->outbuf), startpos, smb_maxcnt);
+ nread = read_file(fsp, smb_buf(req->outbuf) + 1 /* padding byte */,
+ startpos, smb_maxcnt);
saved_errno = errno;
SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
size_t max_pdu = calc_max_read_pdu(req);
size_t total_size = 0;
size_t hdr_len = MIN_SMB_SIZE + VWV(12);
- size_t max_len = max_pdu - hdr_len;
+ size_t max_len = max_pdu - hdr_len - 1 /* padding byte */;
/*
* Windows explicitly ignores upper size of 0xFFFF.