We were always asking for SPLICE_BLOCK_SIZE even when the
remaining bytes we wanted were smaller than that. This works
when using cli_splice() on a complete file, as the cli_read()
terminated the read at the right place. We always have the
space to read SPLICE_BLOCK_SIZE bytes so this isn't an overflow.
Found by Bailey Berro <baileyberro@google.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13527
Signed-off-by: Bailey Berro <baileyberro@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jul 13 14:57:14 CEST 2018 on sn-devel-144
(cherry picked from commit
c9656fd2977557ab20ec4e3d87c385a9b2f1bf43)
^samba3.*rap.sam.*.useradd # Not provided by Samba 3
^samba3.*rap.sam.*.userdelete # Not provided by Samba 3
^samba3.libsmbclient.opendir # This requires a workgroup called 'WORKGROUP' and for netbios browse lists to have been registered
-^samba3.smbtorture_s3.plain\(fileserver\).CLI_SPLICE
-^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).CLI_SPLICE
# see bug 8412
^samba3.smb2.rename.*.simple_nodelete
^samba3.smb2.rename.*.no_share_delete_no_delete_access
*written = 0;
while (remaining) {
+ size_t to_read = MIN(remaining, SPLICE_BLOCK_SIZE);
+
status = cli_read(srccli, src_fnum,
- (char *)buf, src_offset, SPLICE_BLOCK_SIZE,
+ (char *)buf, src_offset, to_read,
&nread);
if (!NT_STATUS_IS_OK(status)) {
return status;