Lines 1645-1650
void construct_reply_common(const char *inbuf, char *outbuf)
|
1645 |
void chain_reply(struct smb_request *req) |
1645 |
void chain_reply(struct smb_request *req) |
1646 |
{ |
1646 |
{ |
1647 |
static char *orig_inbuf; |
1647 |
static char *orig_inbuf; |
|
|
1648 |
static int orig_size; |
1648 |
|
1649 |
|
1649 |
/* |
1650 |
/* |
1650 |
* Dirty little const_discard: We mess with req->inbuf, which is |
1651 |
* Dirty little const_discard: We mess with req->inbuf, which is |
Lines 1679-1691
void chain_reply(struct smb_request *req)
|
1679 |
if (chain_size == 0) { |
1680 |
if (chain_size == 0) { |
1680 |
/* this is the first part of the chain */ |
1681 |
/* this is the first part of the chain */ |
1681 |
orig_inbuf = inbuf; |
1682 |
orig_inbuf = inbuf; |
|
|
1683 |
orig_size = size; |
1682 |
} |
1684 |
} |
1683 |
|
1685 |
|
|
|
1686 |
/* Validate smb_off2 */ |
1687 |
if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) { |
1688 |
exit_server_cleanly("Bad chained packet"); |
1689 |
return; |
1690 |
} |
1684 |
/* |
1691 |
/* |
1685 |
* We need to save the output the caller added to the chain so that we |
1692 |
* We need to save the output the caller added to the chain so that we |
1686 |
* can splice it into the final output buffer later. |
1693 |
* can splice it into the final output buffer later. |
1687 |
*/ |
1694 |
*/ |
1688 |
|
1695 |
|
|
|
1696 |
if (outsize <= smb_wct) { |
1697 |
exit_server_cleanly("Bad chained packet"); |
1698 |
return; |
1699 |
} |
1700 |
|
1689 |
caller_outputlen = outsize - smb_wct; |
1701 |
caller_outputlen = outsize - smb_wct; |
1690 |
|
1702 |
|
1691 |
caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen); |
1703 |
caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen); |
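Review bot: The added `/* Validate smb_off2 */` test in chain_reply still accepts `orig_size == smb_off2 + 4 - smb_wct`, so it only bounds where the chained request starts and does not show that any bytes of it lie inside the first packet. Whether the code after this hunk reads a header or word count from that position is not visible here, so this should be confirmed and the comparison tightened to require the minimum chained-request length if it does. The comment would say more as `/* smb_off2 must be at least smb_wct - 4, and smb_off2 + 4 - smb_wct must not exceed the size of the first packet in the chain */`. Both new rejections log the identical string, so giving the first one its own message, for example `exit_server_cleanly("Bad chained packet: smb_off2 out of range");`, would let an operator tell a bad offset from the `outsize <= smb_wct` case in the logs. The declarations of `smb_off2` and `size` and the rest of chain_reply lie outside the hunks, so the signedness of the arithmetic against `static int orig_size` cannot be checked from here.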