--- samba-3.0.24/source/smbd/trans2.c.regression-git 2007-11-29 11:00:59.000000000 -0500
+++ samba-3.0.24/source/smbd/trans2.c 2007-11-29 11:06:10.000000000 -0500
@@ -1047,7 +1047,7 @@ static BOOL get_lanman2_dir_entry(connec
char *path_mask,uint32 dirtype,int info_level,
int requires_resume_key,
BOOL dont_descend,char **ppdata,
- char *base_data, int space_remaining,
+ char *base_data, char *end_data, int space_remaining,
BOOL *out_of_space, BOOL *got_exact_match,
int *last_entry_off, struct ea_list *name_list, TALLOC_CTX *ea_ctx)
{
@@ -1225,7 +1225,7 @@ static BOOL get_lanman2_dir_entry(connec
p += 23;
nameptr = p;
p += align_string(outbuf, p, 0);
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE);
if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
SCVAL(nameptr, -1, len - 2);
@@ -1260,7 +1260,7 @@ static BOOL get_lanman2_dir_entry(connec
}
p += 27;
nameptr = p - 1;
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE | STR_NOALIGN);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE | STR_NOALIGN);
if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
len -= 2;
@@ -1316,7 +1316,7 @@ static BOOL get_lanman2_dir_entry(connec
/* Push the ea_data followed by the name. */
p += fill_ea_buffer(ea_ctx, p, space_remaining - (p - pdata), conn, name_list);
nameptr = p;
- len = srvstr_push(outbuf, p + 1, fname, space_remaining - (p - pdata), STR_TERMINATE | STR_NOALIGN);
+ len = srvstr_push(outbuf, p + 1, fname, PTR_DIFF(end_data, p+1), STR_TERMINATE | STR_NOALIGN);
if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
len -= 2;
@@ -1372,7 +1372,7 @@ static BOOL get_lanman2_dir_entry(connec
memset(p,'\0',26);
}
p += 2 + 24;
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII);
SIVAL(q,0,len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1393,7 +1393,7 @@ static BOOL get_lanman2_dir_entry(connec
SOFF_T(p,0,file_size); p += 8;
SOFF_T(p,0,allocation_size); p += 8;
SIVAL(p,0,nt_extmode); p += 4;
- len = srvstr_push(outbuf, p + 4, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p + 4, fname, PTR_DIFF(end_data, p+4), STR_TERMINATE_ASCII);
SIVAL(p,0,len);
p += 4 + len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1420,7 +1420,7 @@ static BOOL get_lanman2_dir_entry(connec
SIVAL(p,0,ea_size); /* Extended attributes */
p +=4;
}
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII);
SIVAL(q, 0, len);
p += len;
@@ -1438,7 +1438,7 @@ static BOOL get_lanman2_dir_entry(connec
p += 4;
/* this must *not* be null terminated or w2k gets in a loop trying to set an
acl on a dir (tridge) */
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII);
SIVAL(p, -4, len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1468,7 +1468,7 @@ static BOOL get_lanman2_dir_entry(connec
SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII);
SIVAL(q, 0, len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1518,7 +1518,7 @@ static BOOL get_lanman2_dir_entry(connec
SSVAL(p,0,0); p += 2; /* Reserved ? */
SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE_ASCII);
SIVAL(q,0,len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1577,7 +1577,7 @@ static BOOL get_lanman2_dir_entry(connec
SIVAL(p,4,0);
p+= 8;
- len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE);
+ len = srvstr_push(outbuf, p, fname, PTR_DIFF(end_data, p), STR_TERMINATE);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1625,6 +1625,7 @@ static int call_trans2findfirst(connecti
requested. */
char *params = *pparams;
char *pdata = *ppdata;
+ char *data_end;
uint32 dirtype = SVAL(params,0);
int maxentries = SVAL(params,2);
uint16 findfirst_flags = SVAL(params,4);
@@ -1754,6 +1755,7 @@ total_data=%u (should be %u)\n", (unsign
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
pdata = *ppdata;
+ data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
/* Realloc the params space */
*pparams = SMB_REALLOC(*pparams, 10);
@@ -1798,7 +1800,7 @@ total_data=%u (should be %u)\n", (unsign
inbuf, outbuf,
mask,dirtype,info_level,
requires_resume_key,dont_descend,
- &p,pdata,space_remaining, &out_of_space, &got_exact_match,
+ &p,pdata,data_end,space_remaining, &out_of_space, &got_exact_match,
&last_entry_off, ea_list, ea_ctx);
}
@@ -1892,6 +1894,7 @@ static int call_trans2findnext(connectio
requested. */
char *params = *pparams;
char *pdata = *ppdata;
+ char *data_end;
int dptr_num = SVAL(params,0);
int maxentries = SVAL(params,2);
uint16 info_level = SVAL(params,4);
@@ -2006,6 +2009,7 @@ total_data=%u (should be %u)\n", (unsign
}
pdata = *ppdata;
+ data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
/* Realloc the params space */
*pparams = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
@@ -2097,7 +2101,7 @@ total_data=%u (should be %u)\n", (unsign
inbuf, outbuf,
mask,dirtype,info_level,
requires_resume_key,dont_descend,
- &p,pdata,space_remaining, &out_of_space, &got_exact_match,
+ &p,pdata,data_end,space_remaining, &out_of_space, &got_exact_match,
&last_entry_off, ea_list, ea_ctx);
}
distrib
>
Mandriva
>
2007.1
>
i586
>
media
>
main-updates-src
>
by-pkgid
>
76693df398623b56350d54a4ecd4c0d1
>
files
>
14
