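--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -1645,6 +1645,7 @@ void construct_reply_common(const char *inbuf, char *outbuf)
 void chain_reply(struct smb_request *req)
 {
 	static char *orig_inbuf;
+	static int orig_size;
 
 	/*
 	 * Dirty little const_discard: We mess with req->inbuf, which is
@@ -1679,13 +1680,24 @@ void chain_reply(struct smb_request *req)
 	if (chain_size == 0) {
 		/* this is the first part of the chain */
 		orig_inbuf = inbuf;
+		orig_size = size;
 	}
 
+	/* Validate smb_off2 */
+	if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
+		exit_server_cleanly("Bad chained packet");
+		return;
+	}
 	/*
 	 * We need to save the output the caller added to the chain so that we
 	 * can splice it into the final output buffer later.
 	 */
 
+	if (outsize <= smb_wct) {
+		exit_server_cleanly("Bad chained packet");
+		return;
+	}
+
 	caller_outputlen = outsize - smb_wct;
 
 	caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);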
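Review bot: The `smb_off2` check at new line 1687 accepts an offset exactly equal to `orig_size`, so the next chained command may begin at the very end of the first request's buffer. If the code after this hunk reads or writes any bytes at that offset (not visible here), the bound should leave room for them, for example by rejecting `orig_size <= (smb_off2 + 4 - smb_wct)` or by requiring the minimum command length. The declarations of `smb_off2` and `size` are outside the hunk, so it is worth confirming both are signed and non-negative, because a mixed signed/unsigned comparison would change what the guard rejects. The one-line comment could state the invariant, e.g. `/* smb_off2 comes from the client: it must lie past the header and inside the orig_size bytes of the first request */`. chain_reply's body starts and ends outside the hunks shown.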
