|
Lines 588-599
|
| 588 |
data_count = WVAL(inbuf, smb_drcnt); |
588 |
data_count = WVAL(inbuf, smb_drcnt); |
| 589 |
|
589 |
|
| 590 |
/* Modify offset for the split header/buffer we use */ |
|
|
| 591 |
if (data_offset < hdrlen) |
| 592 |
goto out_bad_data; |
| 593 |
if (parm_offset < hdrlen) |
| 594 |
goto out_bad_parm; |
| 595 |
data_offset -= hdrlen; |
| 596 |
parm_offset -= hdrlen; |
| 597 |
|
590 |
|
| 598 |
if (parm_count == parm_tot && data_count == data_tot) { |
591 |
if (parm_count == parm_tot && data_count == data_tot) { |
| 599 |
/* |
592 |
/* |
|
Lines 603-623
|
| 603 |
* case. It may be a server error to not return a |
596 |
* case. It may be a server error to not return a |
| 604 |
* response that fits. |
597 |
* response that fits. |
| 605 |
*/ |
598 |
*/ |
|
|
599 |
/* _count = 0 is a special case, where data_offset is |
| 600 |
* not used. |
| 601 |
*/ |
| 602 |
if (data_count != 0) { |
| 603 |
if (data_offset < hdrlen) |
| 604 |
goto out_bad_data; |
| 605 |
/* Modify offset for the split header/buffer we use */ |
| 606 |
data_offset -= hdrlen; |
| 607 |
if (data_offset + data_count > req->rq_rlen) |
| 608 |
goto out_bad_data; |
| 609 |
req->rq_ldata = data_count; |
| 610 |
req->rq_data = req->rq_buffer + data_offset; |
| 611 |
} else { |
| 612 |
req->rq_data = NULL; |
| 613 |
req->rq_ldata = 0; |
| 614 |
} |
| 615 |
|
| 616 |
if (parm_count != 0) { |
| 617 |
if (parm_offset < hdrlen) |
| 618 |
goto out_bad_parm; |
| 619 |
/* Modify offset for the split header/buffer we use */ |
| 620 |
parm_offset -= hdrlen; |
| 621 |
if (parm_offset + parm_count > req->rq_rlen) |
| 622 |
goto out_bad_parm; |
| 623 |
req->rq_lparm = parm_count; |
| 624 |
req->rq_parm = req->rq_buffer + parm_offset; |
| 625 |
} else { |
| 626 |
req->rq_lparm = 0; |
| 627 |
req->rq_parm = NULL; |
| 628 |
} |
| 629 |
|
| 606 |
VERBOSE("single trans2 response " |
630 |
VERBOSE("single trans2 response " |
| 607 |
"dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", |
631 |
"dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", |
| 608 |
data_count, parm_count, |
632 |
data_count, parm_count, |
| 609 |
data_offset, parm_offset); |
633 |
data_offset, parm_offset); |
| 610 |
req->rq_ldata = data_count; |
|
|
| 611 |
req->rq_lparm = parm_count; |
| 612 |
req->rq_data = req->rq_buffer + data_offset; |
| 613 |
req->rq_parm = req->rq_buffer + parm_offset; |
| 614 |
if (parm_offset + parm_count > req->rq_rlen) |
| 615 |
goto out_bad_parm; |
| 616 |
if (data_offset + data_count > req->rq_rlen) |
| 617 |
goto out_bad_data; |
| 618 |
return 0; |
634 |
return 0; |
| 619 |
} |
635 |
} |
| 620 |
|
636 |
|
|
|
637 |
if (data_offset < hdrlen) |
| 638 |
goto out_bad_data; |
| 639 |
if (parm_offset < hdrlen) |
| 640 |
goto out_bad_parm; |
| 641 |
parm_offset -= hdrlen; |
| 642 |
data_offset -= hdrlen; |
| 643 |
|
| 644 |
|
| 621 |
VERBOSE("multi trans2 response " |
645 |
VERBOSE("multi trans2 response " |
| 622 |
"frag=%d, dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", |
646 |
"frag=%d, dcnt=%d, pcnt=%d, doff=%d, poff=%d\n", |
| 623 |
req->rq_fragment, |
647 |
req->rq_fragment, |
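Review bot: The multi-response path (new lines 637-642) still rejects a fragment whose data_offset or parm_offset is below hdrlen even when the matching count is zero, while the single-response branch above now treats a zero count as "offset not used". A fragment carrying only parameters or only data, with the unused offset left at zero by the server, would therefore hit out_bad_data or out_bad_parm here although the same shape is accepted in the single case. Consider guarding each check and subtraction on its count, as the single branch does, for example `if (data_count != 0) { if (data_offset < hdrlen) goto out_bad_data; data_offset -= hdrlen; }` and the same for parm, keeping the subtraction behind the check so a server-supplied offset below hdrlen never reaches it. The code that consumes these offsets for fragments lies after the hunk, so it should be confirmed that it does not use an offset whose count is zero and that it bounds offset plus count against the receive length the way lines 607 and 621 do.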