From: Volker Lendecke <vl@samba.org>
Date: Sun, 10 Aug 2008 15:37:08 +0000 (+0200)
Subject: Fix andx offset calculation for more than 2 chained requests
X-Git-Tag: samba-3.3.0pre1~253
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0ff16e8573f3c312f10fc723648319fa1f514ac0;p=thirdparty%2Fsamba.git

Fix andx offset calculation for more than 2 chained requests

Untested code is broken code.... Test follows later, it's quite an intrusive
change to libsmb/
---

diff --git a/source/smbd/process.c b/source/smbd/process.c
index da1165219b5..a1d2d88b3dd 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -1696,7 +1696,7 @@ void chain_reply(struct smb_request *req)
 	 * remember how much the caller added to the chain, only counting
 	 * stuff after the parameter words
 	 */
-	chain_size += outsize_padded - smb_wct;
+	chain_size += (outsize_padded - smb_wct);
 
 	/*
 	 * work out pointers into the original packets. The
@@ -1825,6 +1825,12 @@ void chain_reply(struct smb_request *req)
 	SAFE_FREE(caller_output);
 	TALLOC_FREE(req2);
 
+	/*
+	 * Reset the chain_size for our caller's offset calculations
+	 */
+
+	chain_size -= (outsize_padded - smb_wct);
+
 	return;
 }