source:
freewrt/package/samba/patches/250-writex.patch@
428f140
| Last change on this file since 428f140 was 475ad56, checked in by , 20 years ago | |
|---|---|
|
|
| File size: 5.2 KB | |
-
source/include/smb.h
diff -ruN samba-2.0.10.orig/source/include/smb.h samba-2.0.10/source/include/smb.h
old new 24 24 #ifndef _SMB_H 25 25 #define _SMB_H 26 26 27 #if defined(LARGE_SMB_OFF_T) 28 #define BUFFER_SIZE (128*1024) 29 #else /* no large readwrite possible */ 27 30 #define BUFFER_SIZE (0xFFFF) 31 #endif 32 28 33 #define SAFETY_MARGIN 1024 34 #define LARGE_WRITEX_HDR_SIZE 65 29 35 30 36 #define NMB_PORT 137 31 37 #define DGRAM_PORT 138 -
source/lib/util_sock.c
diff -ruN samba-2.0.10.orig/source/lib/util_sock.c samba-2.0.10/source/lib/util_sock.c
old new 649 649 memset(buffer,'\0',smb_size + 100); 650 650 651 651 len = read_smb_length_return_keepalive(fd,buffer,timeout); 652 if (len < 0) 653 { 652 if (len < 0) { 654 653 DEBUG(10,("receive_smb: length < 0!\n")); 655 654 return(False); 656 655 } 657 656 658 if (len > BUFFER_SIZE) { 657 /* 658 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes 659 * of header. Don't print the error if this fits.... JRA. 660 */ 661 662 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) { 659 663 DEBUG(0,("Invalid packet length! (%d bytes).\n",len)); 660 664 if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) 661 {662 665 exit(1); 663 666 } 664 }665 667 666 668 if(len > 0) { 667 669 ret = read_socket_data(fd,buffer+4,len); -
source/smbd/oplock.c
diff -ruN samba-2.0.10.orig/source/smbd/oplock.c samba-2.0.10/source/smbd/oplock.c
old new 887 887 messages crossing on the wire. 888 888 */ 889 889 890 if((inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)890 if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) 891 891 { 892 892 DEBUG(0,("oplock_break: malloc fail for input buffer.\n")); 893 893 return False; 894 894 } 895 895 896 if((outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)896 if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) 897 897 { 898 898 DEBUG(0,("oplock_break: malloc fail for output buffer.\n")); 899 899 free(inbuf); -
source/smbd/process.c
diff -ruN samba-2.0.10.orig/source/smbd/process.c samba-2.0.10/source/smbd/process.c
old new 995 995 time_t last_timeout_processing_time = time(NULL); 996 996 unsigned int num_smbs = 0; 997 997 998 InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);999 OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);998 InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN); 999 OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN); 1000 1000 if ((InBuffer == NULL) || (OutBuffer == NULL)) 1001 1001 return; 1002 1002 … … 1027 1027 /* free up temporary memory */ 1028 1028 lp_talloc_free(); 1029 1029 1030 while(!receive_message_or_smb(InBuffer,BUFFER_SIZE ,select_timeout,&got_smb))1030 while(!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout,&got_smb)) 1031 1031 { 1032 1032 if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time)) 1033 1033 return; -
source/smbd/reply.c
diff -ruN samba-2.0.10.orig/source/smbd/reply.c samba-2.0.10/source/smbd/reply.c
old new 2551 2551 size_t numtowrite = SVAL(inbuf,smb_vwv10); 2552 2552 BOOL write_through = BITSETW(inbuf+smb_vwv7,0); 2553 2553 ssize_t nwritten = -1; 2554 int smb_doff = SVAL(inbuf,smb_vwv11); 2554 unsigned int smb_doff = SVAL(inbuf,smb_vwv11); 2555 unsigned int smblen = smb_len(inbuf); 2555 2556 char *data; 2557 BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF)); 2556 2558 2557 2559 /* If it's an IPC, pass off the pipe handler. */ 2558 if (IS_IPC(conn)) 2560 if (IS_IPC(conn)) { 2559 2561 return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize); 2562 } 2560 2563 2561 2564 CHECK_FSP(fsp,conn); 2562 2565 CHECK_WRITE(fsp); 2563 2566 CHECK_ERROR(fsp); 2564 2567 2568 /* Deal with possible LARGE_WRITEX */ 2569 if (large_writeX) 2570 numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16); 2571 2572 if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) { 2573 return(ERROR(ERRDOS,ERRbadmem)); 2574 } 2575 2565 2576 data = smb_base(inbuf) + smb_doff; 2566 2577 2567 2578 if(CVAL(inbuf,smb_wct) == 14) { … … 2586 2597 #endif /* LARGE_SMB_OFF_T */ 2587 2598 } 2588 2599 2589 if (is_locked(fsp,conn, numtowrite,startpos, F_WRLCK))2600 if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) { 2590 2601 return(ERROR(ERRDOS,ERRlock)); 2602 } 2591 2603 2592 2604 /* X/Open SMB protocol says that, unlike SMBwrite 2593 2605 if the length is zero then NO truncation is … … 2598 2610 else 2599 2611 nwritten = write_file(fsp,data,startpos,numtowrite); 2600 2612 2601 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) 2613 if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) { 2602 2614 return(UNIXERROR(ERRDOS,ERRnoaccess)); 2615 } 2603 2616 2604 2617 set_message(outbuf,6,0,True); 2605 2618 2606 2619 SSVAL(outbuf,smb_vwv2,nwritten); 2620 if (large_writeX) 2621 SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1); 2607 2622 2608 2623 if (nwritten < (ssize_t)numtowrite) { 2609 2624 CVAL(outbuf,smb_rcls) = ERRHRD;
Note:
See TracBrowser
for help on using the repository browser.
