Lines 1159-1164
int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
Link Here
|
1159 |
{ |
1159 |
{ |
1160 |
static char *orig_inbuf; |
1160 |
static char *orig_inbuf; |
1161 |
static char *orig_outbuf; |
1161 |
static char *orig_outbuf; |
|
|
1162 |
static int orig_size; |
1162 |
int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0); |
1163 |
int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0); |
1163 |
unsigned smb_off2 = SVAL(inbuf,smb_vwv1); |
1164 |
unsigned smb_off2 = SVAL(inbuf,smb_vwv1); |
1164 |
char *inbuf2, *outbuf2; |
1165 |
char *inbuf2, *outbuf2; |
Lines 1178-1183
int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
Link Here
|
1178 |
/* this is the first part of the chain */ |
1179 |
/* this is the first part of the chain */ |
1179 |
orig_inbuf = inbuf; |
1180 |
orig_inbuf = inbuf; |
1180 |
orig_outbuf = outbuf; |
1181 |
orig_outbuf = outbuf; |
|
|
1182 |
orig_size = size; |
1183 |
} |
1184 |
|
1185 |
/* Validate smb_off2 */ |
1186 |
if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { |
1187 |
exit_server_cleanly("Bad chained packet"); |
1188 |
return -1; |
1181 |
} |
1189 |
} |
1182 |
|
1190 |
|
1183 |
/* |
1191 |
/* |
Lines 1192-1197
int chain_reply(char *inbuf,char *outbuf,int size,int bufsize)
Link Here
|
1192 |
SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf)); |
1200 |
SSVAL(outbuf,smb_vwv1,smb_offset(outbuf+outsize,outbuf)); |
1193 |
SCVAL(outbuf,smb_vwv0,smb_com2); |
1201 |
SCVAL(outbuf,smb_vwv0,smb_com2); |
1194 |
|
1202 |
|
|
|
1203 |
if (outsize <= smb_wct) { |
1204 |
exit_server_cleanly("Bad chained packet"); |
1205 |
return -1; |
1206 |
} |
1207 |
|
1195 |
/* remember how much the caller added to the chain, only counting stuff |
1208 |
/* remember how much the caller added to the chain, only counting stuff |
1196 |
after the parameter words */ |
1209 |
after the parameter words */ |
1197 |
chain_size += outsize - smb_wct; |
1210 |
chain_size += outsize - smb_wct; |