Author: vlendec Date: 2006-04-01 19:17:07 +0000 (Sat, 01 Apr 2006) New Revision: 14853
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14853 Log: When going through ipc, trans2 and nttrans I had started from the 3_0 ipc.c. Fix the bug in the 3 new implementations that Jeremy just fixed in 3_0/smbd/ipc.c. Thanks again to G?\195?\188nther Kukkukk ! Volker Modified: trunk/source/smbd/ipc.c trunk/source/smbd/nttrans.c trunk/source/smbd/trans2.c Changeset:
Modified: trunk/source/smbd/ipc.c
===================================================================
--- trunk/source/smbd/ipc.c 2006-04-01 18:41:07 UTC (rev 14852)
+++ trunk/source/smbd/ipc.c 2006-04-01 19:17:07 UTC (rev 14853)
@@ -638,7 +638,7 @@
 goto bad_param;
 if (pdisp > state->total_param)
 goto bad_param;
- if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) ||
+ if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
 (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
 goto bad_param;
 if (state->param + pdisp < state->param)
@@ -655,7 +655,7 @@
 goto bad_param;
 if (ddisp > state->total_data)
 goto bad_param;
- if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) ||
+ if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
 (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
 goto bad_param;
 if (state->data + ddisp < state->data)
Modified: trunk/source/smbd/nttrans.c
===================================================================
--- trunk/source/smbd/nttrans.c 2006-04-01 18:41:07 UTC (rev 14852)
+++ trunk/source/smbd/nttrans.c 2006-04-01 19:17:07 UTC (rev 14853)
@@ -3029,7 +3029,7 @@
 goto bad_param;
 if (pdisp > state->total_param)
 goto bad_param;
- if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) ||
+ if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
 (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
 goto bad_param;
 if (state->param + pdisp < state->param)
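Review bot: The second clause of each of these checks, `smb_base(inbuf) + poff + pcnt < smb_base(inbuf)` (and its `doff`/`dcnt` twin), detects an oversized offset by letting a pointer wrap, which is undefined behaviour in C and which an optimising compiler is entitled to drop; the upper-bound test this commit relaxes from `>=` to `>` could then be the only guard left on offsets that presumably come from the request. Doing the arithmetic on lengths avoids that: with `avail = (inbuf + size) - smb_base(inbuf)`, reject when `poff > avail || pcnt > avail - poff`. The same applies to all six hunks in ipc.c, nttrans.c and trans2.c, and to the neighbouring `state->param + pdisp < state->param` and `state->data + ddisp < state->data` tests. The types of `poff`/`pcnt` and whether `size` is counted from `inbuf` are declared outside the hunks, so the exact form needs checking against them.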
@@ -3046,7 +3046,7 @@
 goto bad_param;
 if (ddisp > state->total_data)
 goto bad_param;
- if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) ||
+ if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
 (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
 goto bad_param;
 if (state->data + ddisp < state->data)
Modified: trunk/source/smbd/trans2.c
===================================================================
--- trunk/source/smbd/trans2.c 2006-04-01 18:41:07 UTC (rev 14852)
+++ trunk/source/smbd/trans2.c 2006-04-01 19:17:07 UTC (rev 14853)
@@ -5332,7 +5332,7 @@
 goto bad_param;
 if (pdisp > state->total_param)
 goto bad_param;
- if ((smb_base(inbuf) + poff + pcnt >= inbuf + size) ||
+ if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
 (smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
 goto bad_param;
 if (state->param + pdisp < state->param)
@@ -5349,7 +5349,7 @@
 goto bad_param;
 if (ddisp > state->total_data)
 goto bad_param;
- if ((smb_base(inbuf) + doff + dcnt >= inbuf + size) ||
+ if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
 (smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
 goto bad_param;
 if (state->data + ddisp < state->data)
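Review bot: This bounds test now exists in six textually identical copies across ipc.c, nttrans.c and trans2.c, and the log message says the same off-by-one had to be corrected separately in 3_0/smbd/ipc.c; one shared helper that takes the buffer, its size, an offset and a count would let the next correction land in a single place. Short of that, a comment above each test such as `/* offset+count may end exactly at inbuf + size; only a range running past the end is rejected */` would record why `>` rather than `>=` is the right comparison. The enclosing functions start and end outside these hunks, so how the helper would be wired into the `bad_param` paths cannot be judged from here.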