The branch, master has been updated
via c0fea1f0f791f0b2a161f5c89fd532ce2270c240 (commit)
from 5baac15781779a3ebfa3807299e5329809835370 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c0fea1f0f791f0b2a161f5c89fd532ce2270c240
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 25 12:22:20 2009 +0100
Fix chain_reply for pipe reads
The caller might have over-allocated reply->outbuf. Deal with that.
Sorry, Günther, for giving you so much pain ...
Volker
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/process.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index dc038b6..a025bb4 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1640,8 +1640,18 @@ void chain_reply(struct smb_request *req)
/*
* In req->chain_outbuf we collect all the replies. Start the
* chain by copying in the first reply.
+ *
+ * We do the realloc because later on we depend on
+ * talloc_get_size to determine the length of
+ * chain_outbuf. The reply_xxx routines might have
+ * over-allocated (reply_pipe_read_and_X used to be such an
+ * example).
*/
- req->chain_outbuf = req->outbuf;
+ req->chain_outbuf = TALLOC_REALLOC_ARRAY(
+ req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
+ if (req->chain_outbuf == NULL) {
+ goto error;
+ }
req->outbuf = NULL;
} else {
if (!smb_splice_chain(&req->chain_outbuf,
--
Samba Shared Repository
