extern int max_send;
extern enum protocol_types Protocol;
extern uint32 global_client_caps;
-extern struct current_user current_user;
#define get_file_size(sbuf) ((sbuf).st_size)
#define DIR_ENTRY_SAFETY_MARGIN 4096
char *p;
char **names, **tmp;
size_t num_names;
- ssize_t sizeret;
+ ssize_t sizeret = -1;
if (!lp_ea_support(SNUM(conn))) {
*pnames = NULL;
static struct ea_list *read_ea_name_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
{
struct ea_list *ea_list_head = NULL;
- size_t offset = 0;
+ size_t converted_size, offset = 0;
while (offset + 2 < data_size) {
struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list);
if (pdata[offset + namelen] != '\0') {
return NULL;
}
- pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset]);
+ if (!pull_ascii_talloc(ctx, &eal->ea.name, &pdata[offset],
+ &converted_size)) {
+ DEBUG(0,("read_ea_name_list: pull_ascii_talloc "
+ "failed: %s", strerror(errno)));
+ }
if (!eal->ea.name) {
return NULL;
}
struct ea_list *eal = TALLOC_ZERO_P(ctx, struct ea_list);
uint16 val_len;
unsigned int namelen;
+ size_t converted_size;
if (!eal) {
return NULL;
if (pdata[namelen + 4] != '\0') {
return NULL;
}
- pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4);
+ if (!pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4, &converted_size)) {
+ DEBUG(0,("read_ea_list_entry: pull_ascii_talloc failed: %s",
+ strerror(errno)));
+ }
if (!eal->ea.name) {
return NULL;
}
+ alignment_offset
+ data_alignment_offset);
- /* useable_space can never be more than max_send minus the alignment offset. */
-
- useable_space = MIN(useable_space, max_send - (alignment_offset+data_alignment_offset));
+ if (useable_space < 0) {
+ DEBUG(0, ("send_trans2_replies failed sanity useable_space "
+ "= %d!!!", useable_space));
+ exit_server_cleanly("send_trans2_replies: Not enough space");
+ }
while (params_to_send || data_to_send) {
/* Calculate whether we will totally or partially fill this packet */
- total_sent_thistime = params_to_send + data_to_send + alignment_offset + data_alignment_offset;
+ total_sent_thistime = params_to_send + data_to_send;
/* We can never send more than useable_space */
/*
* are sent here. Fix from Marc_Jacobsen@hp.com.
*/
- total_sent_thistime = MIN(total_sent_thistime, useable_space+ alignment_offset + data_alignment_offset);
+ total_sent_thistime = MIN(total_sent_thistime, useable_space);
- reply_outbuf(req, 10, total_sent_thistime);
+ reply_outbuf(req, 10, total_sent_thistime + alignment_offset
+ + data_alignment_offset);
/* Set total params and data to be sent */
SSVAL(req->outbuf,smb_tprcnt,paramsize);
}
size = get_file_size(sbuf);
- fattr = dos_mode(conn,fname,&sbuf);
+ fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
mtime = sbuf.st_mtime;
inode = sbuf.st_ino;
if (fattr & aDIR) {
SIVAL(params,20,inode);
SSVAL(params,24,0); /* Padding. */
if (flags & 8) {
- uint32 ea_size = estimate_ea_size(conn, fsp, fname);
+ uint32 ea_size = estimate_ea_size(conn, fsp, fsp->fsp_name);
SIVAL(params, 26, ea_size);
} else {
SIVAL(params, 26, 0);
return NT_STATUS_OK;
}
+/****************************************************************************
+ Needed to show the msdfs symlinks as directories. Modifies psbuf
+ to be a directory if it's a msdfs link.
+****************************************************************************/
+
+static bool check_msdfs_link(connection_struct *conn,
+ const char *pathname,
+ SMB_STRUCT_STAT *psbuf)
+{
+ int saved_errno = errno;
+ if(lp_host_msdfs() &&
+ lp_msdfs_root(SNUM(conn)) &&
+ is_msdfs_link(conn, pathname, psbuf)) {
+
+ DEBUG(5,("check_msdfs_link: Masquerading msdfs link %s "
+ "as a directory\n",
+ pathname));
+ psbuf->st_mode = (psbuf->st_mode & 0xFFF) | S_IFDIR;
+ errno = saved_errno;
+ return true;
+ }
+ errno = saved_errno;
+ return false;
+}
+
+
/****************************************************************************
Get a level dependent lanman2 dir entry.
****************************************************************************/
int info_level,
int requires_resume_key,
bool dont_descend,
+ bool ask_sharemode,
char **ppdata,
char *base_data,
char *end_data,
/* Needed to show the msdfs symlinks as
* directories */
- if(lp_host_msdfs() &&
- lp_msdfs_root(SNUM(conn)) &&
- ((ms_dfs_link = is_msdfs_link(conn, pathreal, &sbuf)) == True)) {
- DEBUG(5,("get_lanman2_dir_entry: Masquerading msdfs link %s "
- "as a directory\n",
- pathreal));
- sbuf.st_mode = (sbuf.st_mode & 0xFFF) | S_IFDIR;
-
- } else {
-
+ ms_dfs_link = check_msdfs_link(conn, pathreal, &sbuf);
+ if (!ms_dfs_link) {
DEBUG(5,("get_lanman2_dir_entry:Couldn't stat [%s] (%s)\n",
pathreal,strerror(errno)));
TALLOC_FREE(pathreal);
adate_ts = get_atimespec(&sbuf);
create_date_ts = get_create_timespec(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+ if (ask_sharemode) {
+ struct timespec write_time_ts;
+ struct file_id fileid;
+
+ fileid = vfs_file_id_from_sbuf(conn, &sbuf);
+ get_file_infos(fileid, NULL, &write_time_ts);
+ if (!null_timespec(write_time_ts)) {
+ mdate_ts = write_time_ts;
+ }
+ }
+
if (lp_dos_filetime_resolution(SNUM(conn))) {
dos_filetime_timespec(&create_date_ts);
dos_filetime_timespec(&mdate_ts);
bool requires_resume_key;
int info_level;
char *directory = NULL;
- const char *mask = NULL;
+ char *mask = NULL;
char *p;
int last_entry_off=0;
int dptr_num = -1;
SMB_STRUCT_STAT sbuf;
struct ea_list *ea_list = NULL;
NTSTATUS ntstatus = NT_STATUS_OK;
+ bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
TALLOC_CTX *ctx = talloc_tos();
if (total_params < 13) {
break;
case SMB_FIND_FILE_UNIX:
case SMB_FIND_FILE_UNIX_INFO2:
+ /* Always use filesystem for UNIX mtime query. */
+ ask_sharemode = false;
if (!lp_unix_extensions()) {
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
return;
}
- ntstatus = unix_convert(ctx, conn, directory, True, &directory, NULL, &sbuf);
+ ntstatus = unix_convert(ctx, conn, directory, True, &directory, &mask, &sbuf);
if (!NT_STATUS_IS_OK(ntstatus)) {
reply_nterror(req, ntstatus);
return;
if(p == NULL) {
/* Windows and OS/2 systems treat search on the root '\' as if it were '\*' */
if((directory[0] == '.') && (directory[1] == '\0')) {
- mask = "*";
+ mask = talloc_strdup(ctx,"*");
+ if (!mask) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
mask_contains_wcard = True;
- } else {
- mask = directory;
}
directory = talloc_strdup(talloc_tos(), "./");
if (!directory) {
return;
}
} else {
- mask = p+1;
*p = 0;
}
req->flags2,
mask,dirtype,info_level,
requires_resume_key,dont_descend,
+ ask_sharemode,
&p,pdata,data_end,
space_remaining, &out_of_space,
&got_exact_match,
int space_remaining;
struct ea_list *ea_list = NULL;
NTSTATUS ntstatus = NT_STATUS_OK;
+ bool ask_sharemode = lp_parm_bool(SNUM(conn), "smbd", "search ask sharemode", true);
TALLOC_CTX *ctx = talloc_tos();
if (total_params < 13) {
break;
case SMB_FIND_FILE_UNIX:
case SMB_FIND_FILE_UNIX_INFO2:
+ /* Always use filesystem for UNIX mtime query. */
+ ask_sharemode = false;
if (!lp_unix_extensions()) {
reply_nterror(req, NT_STATUS_INVALID_LEVEL);
return;
req->flags2,
mask,dirtype,info_level,
requires_resume_key,dont_descend,
+ ask_sharemode,
&p,pdata,data_end,
space_remaining, &out_of_space,
&got_exact_match,
fsp.fnum = -1;
/* access check */
- if (current_user.ut.uid != 0) {
- DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
- lp_servicename(SNUM(conn)),conn->user));
+ if (conn->server_info->utok.uid != 0) {
+ DEBUG(0,("set_user_quota: access_denied "
+ "service [%s] user [%s]\n",
+ lp_servicename(SNUM(conn)),
+ conn->server_info->unix_name));
reply_doserror(req, ERRDOS, ERRnoaccess);
return;
}
* in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Builtin_Guests,
- current_user.nt_user_token)) {
+ conn->server_info->ptok)) {
flags |= SMB_WHOAMI_GUEST;
}
* is in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Authenticated_Users,
- current_user.nt_user_token)) {
+ conn->server_info->ptok)) {
flags &= ~SMB_WHOAMI_GUEST;
}
+ 4 /* num_sids */
+ 4 /* SID bytes */
+ 4 /* pad/reserved */
- + (current_user.ut.ngroups * 8)
+ + (conn->server_info->utok.ngroups * 8)
/* groups list */
- + (current_user.nt_user_token->num_sids *
+ + (conn->server_info->ptok->num_sids *
SID_MAX_SIZE)
/* SID list */;
SIVAL(pdata, 0, flags);
SIVAL(pdata, 4, SMB_WHOAMI_MASK);
- SBIG_UINT(pdata, 8, (SMB_BIG_UINT)current_user.ut.uid);
- SBIG_UINT(pdata, 16, (SMB_BIG_UINT)current_user.ut.gid);
+ SBIG_UINT(pdata, 8,
+ (SMB_BIG_UINT)conn->server_info->utok.uid);
+ SBIG_UINT(pdata, 16,
+ (SMB_BIG_UINT)conn->server_info->utok.gid);
if (data_len >= max_data_bytes) {
break;
}
- SIVAL(pdata, 24, current_user.ut.ngroups);
- SIVAL(pdata, 28,
- current_user.nt_user_token->num_sids);
+ SIVAL(pdata, 24, conn->server_info->utok.ngroups);
+ SIVAL(pdata, 28, conn->server_info->num_sids);
/* We walk the SID list twice, but this call is fairly
* infrequent, and I don't expect that it's performance
* sensitive -- jpeach
*/
for (i = 0, sid_bytes = 0;
- i < current_user.nt_user_token->num_sids; ++i) {
+ i < conn->server_info->ptok->num_sids; ++i) {
sid_bytes += ndr_size_dom_sid(
- ¤t_user.nt_user_token->user_sids[i], 0);
+ &conn->server_info->ptok->user_sids[i],
+ 0);
}
/* SID list byte count */
data_len = 40;
/* GID list */
- for (i = 0; i < current_user.ut.ngroups; ++i) {
+ for (i = 0; i < conn->server_info->utok.ngroups; ++i) {
SBIG_UINT(pdata, data_len,
- (SMB_BIG_UINT)current_user.ut.groups[i]);
+ (SMB_BIG_UINT)conn->server_info->utok.groups[i]);
data_len += 8;
}
/* SID list */
for (i = 0;
- i < current_user.nt_user_token->num_sids; ++i) {
+ i < conn->server_info->ptok->num_sids; ++i) {
int sid_len = ndr_size_dom_sid(
- ¤t_user.nt_user_token->user_sids[i], 0);
+ &conn->server_info->ptok->user_sids[i],
+ 0);
sid_linearize(pdata + data_len, sid_len,
- ¤t_user.nt_user_token->user_sids[i]);
+ &conn->server_info->ptok->user_sids[i]);
data_len += sid_len;
}
}
DEBUG( 4,("call_trans2setfsinfo: "
- "request transport encrption.\n"));
+ "request transport encryption.\n"));
status = srv_request_encryption_setup(conn,
(unsigned char **)ppdata,
ZERO_STRUCT(quotas);
/* access check */
- if ((current_user.ut.uid != 0)||!CAN_WRITE(conn)) {
+ if ((conn->server_info->utok.uid != 0)
+ ||!CAN_WRITE(conn)) {
DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
- lp_servicename(SNUM(conn)),conn->user));
+ lp_servicename(SNUM(conn)),
+ conn->server_info->unix_name));
reply_doserror(req, ERRSRV, ERRaccess);
return;
}
* --metze
*/
fsp = file_fsp(SVAL(params,0));
- if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) {
+
+ if (!check_fsp_ntquota_handle(conn, req,
+ fsp)) {
DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n"));
reply_nterror(
req, NT_STATUS_INVALID_HANDLE);
size_t namelen;
smb_ucs2_t *namebuf;
- namelen = push_ucs2_talloc(talloc_tos(), &namebuf,
- streams[i].name);
-
- if ((namelen == (size_t)-1) || (namelen <= 2)) {
+ if (!push_ucs2_talloc(talloc_tos(), &namebuf,
+ streams[i].name, &namelen) ||
+ namelen <= 2)
+ {
return NT_STATUS_INVALID_PARAMETER;
}
int len;
time_t create_time, mtime, atime;
struct timespec create_time_ts, mtime_ts, atime_ts;
+ struct timespec write_time_ts;
files_struct *fsp = NULL;
struct file_id fileid;
struct ea_list *ea_list = NULL;
uint32 access_mask = 0x12019F; /* Default - GENERIC_EXECUTE mapping from Windows */
char *lock_data = NULL;
+ bool ms_dfs_link = false;
TALLOC_CTX *ctx = talloc_tos();
if (!params) {
}
ZERO_STRUCT(sbuf);
+ ZERO_STRUCT(write_time_ts);
if (tran_call == TRANSACT2_QFILEINFO) {
if (total_params < 4) {
}
/* Initial check for valid fsp ptr. */
- if (!check_fsp_open(conn, req, fsp, ¤t_user)) {
+ if (!check_fsp_open(conn, req, fsp)) {
return;
}
}
fileid = vfs_file_id_from_sbuf(conn, &sbuf);
- delete_pending = get_delete_on_close_flag(fileid);
+ get_file_infos(fileid, &delete_pending, &write_time_ts);
} else {
/*
* Original code - this is an open file.
*/
- if (!check_fsp(conn, req, fsp, ¤t_user)) {
+ if (!check_fsp(conn, req, fsp)) {
return;
}
}
pos = fsp->fh->position_information;
fileid = vfs_file_id_from_sbuf(conn, &sbuf);
- delete_pending = get_delete_on_close_flag(fileid);
+ get_file_infos(fileid, &delete_pending, &write_time_ts);
access_mask = fsp->access_mask;
}
reply_unixerror(req, ERRDOS, ERRbadpath);
return;
}
+
} else if (!VALID_STAT(sbuf) && SMB_VFS_STAT(conn,fname,&sbuf) && (info_level != SMB_INFO_IS_NAME_VALID)) {
- DEBUG(3,("call_trans2qfilepathinfo: SMB_VFS_STAT of %s failed (%s)\n",fname,strerror(errno)));
- reply_unixerror(req, ERRDOS, ERRbadpath);
- return;
+ ms_dfs_link = check_msdfs_link(conn,fname,&sbuf);
+
+ if (!ms_dfs_link) {
+ DEBUG(3,("call_trans2qfilepathinfo: SMB_VFS_STAT of %s failed (%s)\n",fname,strerror(errno)));
+ reply_unixerror(req, ERRDOS, ERRbadpath);
+ return;
+ }
}
fileid = vfs_file_id_from_sbuf(conn, &sbuf);
- delete_pending = get_delete_on_close_flag(fileid);
+ get_file_infos(fileid, &delete_pending, &write_time_ts);
if (delete_pending) {
reply_nterror(req, NT_STATUS_DELETE_PENDING);
return;
else
base_name = p+1;
- mode = dos_mode(conn,fname,&sbuf);
+ if (ms_dfs_link) {
+ mode = dos_mode_msdfs(conn,fname,&sbuf);
+ } else {
+ mode = dos_mode(conn,fname,&sbuf);
+ }
if (!mode)
mode = FILE_ATTRIBUTE_NORMAL;
allocation_size = get_allocation_size(conn,fsp,&sbuf);
- if (fsp) {
- if (!null_timespec(fsp->pending_modtime)) {
- /* the pending modtime overrides the current modtime */
- mtime_ts = fsp->pending_modtime;
- }
- } else {
- files_struct *fsp1;
+ if (!fsp) {
/* Do we have this path open ? */
+ files_struct *fsp1;
fileid = vfs_file_id_from_sbuf(conn, &sbuf);
fsp1 = file_find_di_first(fileid);
- if (fsp1 && !null_timespec(fsp1->pending_modtime)) {
- /* the pending modtime overrides the current modtime */
- mtime_ts = fsp1->pending_modtime;
- }
if (fsp1 && fsp1->initial_allocation_size) {
allocation_size = get_allocation_size(conn, fsp1, &sbuf);
}
}
+ if (!null_timespec(write_time_ts) && !INFO_LEVEL_IS_UNIX(info_level)) {
+ mtime_ts = write_time_ts;
+ }
+
if (lp_dos_filetime_resolution(SNUM(conn))) {
dos_filetime_timespec(&create_time_ts);
dos_filetime_timespec(&mtime_ts);
Deal with setting the time from any of the setfilepathinfo functions.
****************************************************************************/
-static NTSTATUS smb_set_file_time(connection_struct *conn,
- files_struct *fsp,
- const char *fname,
- const SMB_STRUCT_STAT *psbuf,
- struct timespec ts[2],
- bool setting_write_time)
+NTSTATUS smb_set_file_time(connection_struct *conn,
+ files_struct *fsp,
+ const char *fname,
+ const SMB_STRUCT_STAT *psbuf,
+ struct timespec ts[2],
+ bool setting_write_time)
{
uint32 action =
FILE_NOTIFY_CHANGE_LAST_ACCESS
}
}
- if(fsp != NULL) {
+ if (setting_write_time) {
/*
* This was a setfileinfo on an open file.
* NT does this a lot. We also need to
* away and will set it on file close and after a write. JRA.
*/
- if (!null_timespec(ts[1])) {
- DEBUG(10,("smb_set_file_time: setting pending modtime to %s\n",
- time_to_asc(convert_timespec_to_time_t(ts[1])) ));
- fsp_set_pending_modtime(fsp, ts[1]);
- }
+ DEBUG(10,("smb_set_file_time: setting pending modtime to %s\n",
+ time_to_asc(convert_timespec_to_time_t(ts[1])) ));
+ if (fsp != NULL) {
+ set_sticky_write_time_fsp(fsp, ts[1]);
+ } else {
+ set_sticky_write_time_path(conn, fname,
+ vfs_file_id_from_sbuf(conn, psbuf),
+ ts[1]);
+ }
}
+
DEBUG(10,("smb_set_file_time: setting utimes to modified values.\n"));
if(file_ntimes(conn, fname, ts)!=0) {
if (vfs_set_filelen(fsp, size) == -1) {
return map_nt_error_from_unix(errno);
}
+ trigger_write_time_update_immediate(fsp);
return NT_STATUS_OK;
}
status = open_file_ntcreate(conn, req, fname, psbuf,
- FILE_WRITE_DATA,
+ FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
FILE_OPEN,
0,
return status;
}
+ trigger_write_time_update_immediate(new_fsp);
close_file(new_fsp,NORMAL_CLOSE);
return NT_STATUS_OK;
}
}
/* The set is across all open files on this dev/inode pair. */
- if (!set_delete_on_close(fsp, delete_on_close, ¤t_user.ut)) {
+ if (!set_delete_on_close(fsp, delete_on_close,
+ &conn->server_info->utok)) {
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
DEBUG(10,("smb_file_rename_information: SMB_FILE_RENAME_INFORMATION %s -> %s\n",
fname, base_name ));
status = rename_internals(ctx, conn, req, fname, base_name, 0,
- overwrite, False, dest_has_wcard);
+ overwrite, False, dest_has_wcard,
+ FILE_WRITE_ATTRIBUTES);
}
return status;
}
}
/* But always update the time. */
- if (null_timespec(fsp->pending_modtime)) {
- /*
- * This is equivalent to a write. Ensure it's seen immediately
- * if there are no pending writes.
- */
- set_filetime(fsp->conn, fsp->fsp_name,
- timespec_current());
- }
+ /*
+ * This is equivalent to a write. Ensure it's seen immediately
+ * if there are no pending writes.
+ */
+ trigger_write_time_update_immediate(fsp);
return NT_STATUS_OK;
}
}
/* Changing the allocation size should set the last mod time. */
- /* Don't need to call set_filetime as this will be flushed on
- * close. */
-
- fsp_set_pending_modtime(new_fsp, timespec_current());
+ /*
+ * This is equivalent to a write. Ensure it's seen immediately
+ * if there are no pending writes.
+ */
+ trigger_write_time_update_immediate(new_fsp);
close_file(new_fsp,NORMAL_CLOSE);
return NT_STATUS_OK;
*/
if (lp_inherit_perms(SNUM(conn))) {
- inherit_access_acl(
+ inherit_access_posix_acl(
conn, parent_dirname(fname),
fname, unixmode);
}
* non-POSIX opens return SHARING_VIOLATION.
*/
- lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL);
+ lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
+ NULL);
if (lck == NULL) {
DEBUG(0, ("smb_posix_unlink: Could not get share mode "
"lock for file %s\n", fsp->fsp_name));
fsp = file_fsp(SVAL(params,0));
/* Basic check for non-null fsp. */
- if (!check_fsp_open(conn, req, fsp, ¤t_user)) {
+ if (!check_fsp_open(conn, req, fsp)) {
return;
}
info_level = SVAL(params,2);
/*
* Original code - this is an open file.
*/
- if (!check_fsp(conn, req, fsp, ¤t_user)) {
+ if (!check_fsp(conn, req, fsp)) {
return;
}
SSVAL(params,0,0);
- if (fsp && !null_timespec(fsp->pending_modtime)) {
- /* the pending modtime overrides the current modtime */
- set_mtimespec(&sbuf, fsp->pending_modtime);
- }
-
switch (info_level) {
case SMB_INFO_STANDARD:
unsigned int psoff;
unsigned int pscnt;
unsigned int tran_call;
- int size;
+ unsigned int size;
+ unsigned int av_size;
struct trans_state *state;
NTSTATUS result;
pscnt = SVAL(req->inbuf, smb_pscnt);
tran_call = SVAL(req->inbuf, smb_setup0);
size = smb_len(req->inbuf) + 4;
+ av_size = smb_len(req->inbuf);
result = allow_new_trans(conn->pending_trans, req->mid);
if (!NT_STATUS_IS_OK(result)) {
}
}
- if ((state = TALLOC_P(conn->mem_ctx, struct trans_state)) == NULL) {
+ if ((state = TALLOC_P(conn, struct trans_state)) == NULL) {
DEBUG(0, ("talloc failed\n"));
reply_nterror(req, NT_STATUS_NO_MEMORY);
END_PROFILE(SMBtrans2);
END_PROFILE(SMBtrans2);
return;
}
- if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
+
+ if (dscnt > state->total_data ||
+ dsoff+dscnt < dsoff) {
goto bad_param;
- if ((smb_base(req->inbuf)+dsoff+dscnt
- > (char *)req->inbuf + size) ||
- (smb_base(req->inbuf)+dsoff+dscnt < smb_base(req->inbuf)))
+ }
+
+ if (dsoff > av_size ||
+ dscnt > av_size ||
+ dsoff+dscnt > av_size) {
goto bad_param;
+ }
memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt);
}
END_PROFILE(SMBtrans2);
return;
}
- if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
+
+ if (pscnt > state->total_param ||
+ psoff+pscnt < psoff) {
goto bad_param;
- if ((smb_base(req->inbuf)+psoff+pscnt
- > (char *)req->inbuf + size) ||
- (smb_base(req->inbuf)+psoff+pscnt < smb_base(req->inbuf)))
+ }
+
+ if (psoff > av_size ||
+ pscnt > av_size ||
+ psoff+pscnt > av_size) {
goto bad_param;
+ }
memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt);
}
connection_struct *conn = req->conn;
unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
struct trans_state *state;
- int size;
+ unsigned int size;
+ unsigned int av_size;
START_PROFILE(SMBtranss2);
}
size = smb_len(req->inbuf)+4;
+ av_size = smb_len(req->inbuf);
for (state = conn->pending_trans; state != NULL;
state = state->next) {
goto bad_param;
if (pcnt) {
- if (pdisp+pcnt > state->total_param)
- goto bad_param;
- if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
+ if (pdisp > state->total_param ||
+ pcnt > state->total_param ||
+ pdisp+pcnt > state->total_param ||
+ pdisp+pcnt < pdisp) {
goto bad_param;
- if (pdisp > state->total_param)
- goto bad_param;
- if ((smb_base(req->inbuf) + poff + pcnt
- > (char *)req->inbuf + size) ||
- (smb_base(req->inbuf) + poff + pcnt < smb_base(req->inbuf)))
- goto bad_param;
- if (state->param + pdisp < state->param)
+ }
+
+ if (poff > av_size ||
+ pcnt > av_size ||
+ poff+pcnt > av_size ||
+ poff+pcnt < poff) {
goto bad_param;
+ }
memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,
pcnt);
}
if (dcnt) {
- if (ddisp+dcnt > state->total_data)
- goto bad_param;
- if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
+ if (ddisp > state->total_data ||
+ dcnt > state->total_data ||
+ ddisp+dcnt > state->total_data ||
+ ddisp+dcnt < ddisp) {
goto bad_param;
- if (ddisp > state->total_data)
- goto bad_param;
- if ((smb_base(req->inbuf) + doff + dcnt
- > (char *)req->inbuf + size) ||
- (smb_base(req->inbuf) + doff + dcnt < smb_base(req->inbuf)))
- goto bad_param;
- if (state->data + ddisp < state->data)
+ }
+
+ if (ddisp > av_size ||
+ dcnt > av_size ||
+ ddisp+dcnt > av_size ||
+ ddisp+dcnt < ddisp) {
goto bad_param;
+ }
memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,
dcnt);