From 9ad1b4cda04269dd50a719b4f65de2579d0da220 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 28 Feb 2010 18:45:41 +0100 Subject: [PATCH] s3: Fix the CHAIN1 torture test I've tried to solve this just within cli_smb_recv(), but I could not find a way to sanely determine when we are receiving the last entry in the chain just from looking at the blob. This solves it in an a bit more brutal way... --- source3/libsmb/async_smb.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 520861c4c59..2f1f45c0a68 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -201,6 +201,7 @@ struct cli_smb_state { uint8_t *inbuf; uint32_t seqnum; int chain_num; + int chain_length; struct tevent_req **chained_requests; }; @@ -710,6 +711,8 @@ static void cli_smb_received(struct tevent_req *subreq) state->inbuf = talloc_move(state, &inbuf); talloc_set_destructor(req, NULL); cli_smb_req_destructor(req); + state->chain_num = 0; + state->chain_length = 1; tevent_req_done(req); } else { struct tevent_req **chain = talloc_move( @@ -721,6 +724,7 @@ static void cli_smb_received(struct tevent_req *subreq) cli_smb_state); state->inbuf = inbuf; state->chain_num = i; + state->chain_length = num_chained; tevent_req_done(chain[i]); } TALLOC_FREE(inbuf); @@ -870,7 +874,11 @@ no_err: *pbytes = (uint8_t *)state->inbuf + bytes_offset + 2; } if ((mem_ctx != NULL) && (pinbuf != NULL)) { - *pinbuf = talloc_move(mem_ctx, &state->inbuf); + if (state->chain_num == state->chain_length-1) { + *pinbuf = talloc_move(mem_ctx, &state->inbuf); + } else { + *pinbuf = state->inbuf; + } } return status; -- 2.34.1