git.samba.org / jra / samba / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7a35506)
Do not write into inbuf for the transs request
authorVolker Lendecke <vl@samba.org>
Fri, 7 Nov 2008 19:38:05 +0000 (20:38 +0100)
committerVolker Lendecke <vl@samba.org>
Sat, 8 Nov 2008 09:42:29 +0000 (10:42 +0100)
Instead, fix up the outbuf in send_xx_reply. In those routines, we know
what we are returning.

source3/smbd/blocking.c patch | blob | history
source3/smbd/ipc.c patch | blob | history
source3/smbd/nttrans.c patch | blob | history
source3/smbd/trans2.c patch | blob | history

diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c
index 87ae3ca2726bd3f1267ccd278ab7bb79e4072d65..2237a89ace6be3d9e8b9df1e369a1523843cfa46 100644 (file)
--- a/source3/smbd/blocking.c
+++ b/source3/smbd/blocking.c
@@ -505,7 +505,6 @@ static bool process_trans2(blocking_lock_record *blr)
 
        /* We finally got the lock, return success. */
 
-       SCVAL(blr->req->inbuf, smb_com, SMBtrans2);
        SSVAL(params,0,0);
        /* Fake up max_data_bytes here - we know it fits. */
        send_trans2_replies(blr->fsp->conn, blr->req, params, 2, NULL, 0, 0xffff);
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index c7a44270f536e07e407ef9429212bc8ae85b610c..26a4212ec91f9fda3402be6c4626e67e18198000 100644 (file)
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -105,6 +105,12 @@ void send_trans_reply(connection_struct *conn,
 
        reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
 
+       /*
+        * We might have SMBtranss in req which was transferred to the outbuf,
+        * fix that.
+        */
+       SCVAL(req->outbuf, smb_com, SMBtrans);
+
        copy_trans_params_and_data((char *)req->outbuf, align,
                                rparam, tot_param_sent, this_lparam,
                                rdata, tot_data_sent, this_ldata);
@@ -155,6 +161,12 @@ void send_trans_reply(connection_struct *conn,
 
                reply_outbuf(req, 10, 1+align+this_ldata+this_lparam);
 
+               /*
+                * We might have SMBtranss in req which was transferred to the
+                * outbuf, fix that.
+                */
+               SCVAL(req->outbuf, smb_com, SMBtrans);
+
                copy_trans_params_and_data((char *)req->outbuf, align,
                                           rparam, tot_param_sent, this_lparam,
                                           rdata, tot_data_sent, this_ldata);
@@ -774,12 +786,6 @@ void reply_transs(struct smb_request *req)
                return;
        }
 
-        /*
-        * construct_reply_common will copy smb_com from inbuf to
-        * outbuf. SMBtranss is wrong here.
-         */
-        SCVAL(req->inbuf,smb_com,SMBtrans);
-
        handle_trans(conn, req, state);
 
        DLIST_REMOVE(conn->pending_trans, state);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index c7a8bf765065c87eac9dad7d5e93ecef37ecff66..1a13d962f016bf6125288e75a55b6100b52568dd 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -119,6 +119,11 @@ void send_nt_replies(connection_struct *conn,
                             total_sent_thistime + alignment_offset
                             + data_alignment_offset);
 
+               /*
+                * We might have had SMBnttranss in req->inbuf, fix that.
+                */
+               SCVAL(req->outbuf, smb_com, SMBnttrans);
+
                /*
                 * Set total params and data to be sent.
                 */
@@ -2829,12 +2834,6 @@ void reply_nttranss(struct smb_request *req)
                return;
        }
 
-       /*
-        * construct_reply_common will copy smb_com from inbuf to
-        * outbuf. SMBnttranss is wrong here.
-        */
-       SCVAL(req->inbuf,smb_com,SMBnttrans);
-
        handle_nttrans(conn, state, req);
 
        DLIST_REMOVE(conn->pending_trans, state);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index d0e3a68e8ab300b5f30add86a610b90f710e9d5b..c385c6ccb1705469daef9d5a2aada9440f4ecd68 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -768,6 +768,12 @@ void send_trans2_replies(connection_struct *conn,
                reply_outbuf(req, 10, total_sent_thistime + alignment_offset
                             + data_alignment_offset);
 
+               /*
+                * We might have SMBtrans2s in req which was transferred to
+                * the outbuf, fix that.
+                */
+               SCVAL(req->outbuf, smb_com, SMBtrans2);
+
                /* Set total params and data to be sent */
                SSVAL(req->outbuf,smb_tprcnt,paramsize);
                SSVAL(req->outbuf,smb_tdrcnt,datasize);
@@ -7822,12 +7828,6 @@ void reply_transs2(struct smb_request *req)
                return;
        }
 
-       /*
-        * construct_reply_common will copy smb_com from inbuf to
-        * outbuf. SMBtranss2 is wrong here.
-        */
-       SCVAL(req->inbuf,smb_com,SMBtrans2);
-
        handle_trans2(conn, req, state);
 
        DLIST_REMOVE(conn->pending_trans, state);
Experimental branches for jra