r23450: max_params_return is complete fiction when getting a changenotify
authorJeremy Allison <jra@samba.org>
Tue, 12 Jun 2007 19:59:38 +0000 (19:59 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:23:17 +0000 (12:23 -0500)
request. Ignore it. Should fix bug #4689 but more tests and
valgrinding will follow.
Jeremy.

source/smbd/notify.c
source/smbd/nttrans.c

index b2ac26764af5554be1067ea62cd420a174001dc5..5491f8eaf8adfb5e2cf092008b6efc962473bb18 100644 (file)
@@ -27,7 +27,6 @@ struct notify_change_request {
        struct files_struct *fsp;       /* backpointer for cancel by mid */
        char request_buf[smb_size];
        uint32 filter;
-       uint32 max_param_count;
        uint32 current_bufsize;
        struct notify_mid_map *mid_map;
        void *backend_data;
@@ -127,12 +126,12 @@ static void change_notify_reply_packet(const char *request_buf,
                                    "failed.");
 }
 
-void change_notify_reply(const char *request_buf, uint32 max_param_count,
+void change_notify_reply(const char *request_buf,
                         struct notify_change_buf *notify_buf)
 {
        char *outbuf = NULL;
        prs_struct ps;
-       size_t buflen = smb_size+38+max_param_count;
+       size_t buflen;
 
        if (notify_buf->num_changes == -1) {
                change_notify_reply_packet(request_buf, NT_STATUS_OK);
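Review bot: `buflen` is now declared without an initializer and is only assigned after the marshalling step further down, so it is indeterminate on every early exit taken before that point. Writing `size_t buflen = 0;` costs nothing and keeps any later use on the cleanup path from reading garbage. The `done:` label and the rest of change_notify_reply are outside this hunk, so whether that path touches `buflen` cannot be confirmed from here.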
@@ -146,14 +145,7 @@ void change_notify_reply(const char *request_buf, uint32 max_param_count,
                goto done;
        }
 
-       if (prs_offset(&ps) > max_param_count) {
-               /*
-                * We exceed what the client is willing to accept. Send
-                * nothing.
-                */
-               change_notify_reply_packet(request_buf, NT_STATUS_OK);
-               goto done;
-       }
+       buflen = smb_size+38+prs_offset(&ps) + 4 /* padding */;
 
        if (!(outbuf = SMB_MALLOC_ARRAY(char, buflen))) {
                change_notify_reply_packet(request_buf, NT_STATUS_NO_MEMORY);
@@ -215,7 +207,7 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32 filter,
        return status;
 }
 
-NTSTATUS change_notify_add_request(const char *inbuf, uint32 max_param_count,
+NTSTATUS change_notify_add_request(const char *inbuf, 
                                   uint32 filter, BOOL recursive,
                                   struct files_struct *fsp)
 {
@@ -232,7 +224,6 @@ NTSTATUS change_notify_add_request(const char *inbuf, uint32 max_param_count,
        map->req = request;
 
        memcpy(request->request_buf, inbuf, sizeof(request->request_buf));
-       request->max_param_count = max_param_count;
        request->current_bufsize = 0;
        request->filter = filter;
        request->fsp = fsp;
@@ -409,7 +400,6 @@ static void notify_fsp(files_struct *fsp, uint32 action, const char *name)
         */
 
        change_notify_reply(fsp->notify->requests->request_buf,
-                           fsp->notify->requests->max_param_count,
                            fsp->notify);
 
        change_notify_remove_request(fsp->notify->requests);
index 71e6dd47b46317b426dabe0f3e3e8cfe07f449fc..e713922ecb265d38edd9943cd76e6d7b413ea4f9 100644 (file)
@@ -1985,8 +1985,7 @@ static int call_nt_transact_notify_change(connection_struct *conn, char *inbuf,
                 * here.
                 */
 
-               change_notify_reply(inbuf, max_param_count,
-                                   fsp->notify);
+               change_notify_reply(inbuf, fsp->notify);
 
                /*
                 * change_notify_reply() above has independently sent its
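Review bot: The new call `change_notify_reply(inbuf, fsp->notify);` drops `max_param_count` without a word at the call site, although the removed lines show the value is still in scope in call_nt_transact_notify_change. A comment here would stop a later cleanup from wiring it back in, for example `/* max_param_count from the client is unreliable for notify requests (bug #4689); the reply is sized from the marshalled changes instead */`. The same remark applies to the `change_notify_add_request(inbuf, filter, recursive, fsp)` call in the next hunk. The function body starts and ends outside this hunk.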
@@ -1999,8 +1998,7 @@ static int call_nt_transact_notify_change(connection_struct *conn, char *inbuf,
         * No changes pending, queue the request
         */
 
-       status = change_notify_add_request(inbuf, max_param_count, filter,
-                                          recursive, fsp);
+       status = change_notify_add_request(inbuf, filter, recursive, fsp);
        if (!NT_STATUS_IS_OK(status)) {
                return ERROR_NT(status);
        }