r21206: - a couple more nttrans places were a memcpy() should be used

- changed the setup array in nttrans to be a uint8 array, instead of a
  uint16 array. This makes it clearer that it is the job of the caller
  to do any byte swapping within that data

source/libcli/raw/interfaces.h

@@ -2115,14 +2115,14 @@ struct smb_nttrans {
 		uint32_t max_data;
 		uint32_t setup_count;
 		uint16_t function;
-		uint16_t *setup;
+		uint8_t  *setup;
 		DATA_BLOB params;
 		DATA_BLOB data;
 	} in;
 
 	struct {
-		uint8_t  setup_count;
-		uint16_t *setup;
+		uint8_t  setup_count; /* in units of 16 bit words */
+		uint8_t  *setup;
 		DATA_BLOB params;
 		DATA_BLOB data;
 	} out;

source/libcli/raw/rawioctl.c

@@ -79,7 +79,7 @@ static struct smbcli_request *smb_raw_ntioctl_send(struct smbcli_tree *tree,
 	nt.in.max_param = 0;
 	nt.in.max_data = parms->ntioctl.in.max_data;
 	nt.in.setup_count = 4;
-	nt.in.setup = (uint16_t *)setup;
+	nt.in.setup = setup;
 	SIVAL(setup, 0, parms->ntioctl.in.function);
 	SSVAL(setup, 4, parms->ntioctl.in.file.fnum);
 	SCVAL(setup, 6, parms->ntioctl.in.fsctl);

source/libcli/raw/rawnotify.c

@@ -28,7 +28,7 @@ change notify (async send)
 struct smbcli_request *smb_raw_changenotify_send(struct smbcli_tree *tree, union smb_notify *parms)
 {
 	struct smb_nttrans nt;
-	uint16_t setup[4];
+	uint8_t setup[8];
 
 	if (parms->nttrans.level != RAW_NOTIFY_NTTRANS) {
 		return NULL;

source/libcli/raw/rawtrans.c

@@ -449,15 +449,14 @@ NTSTATUS smb_raw_nttrans_recv(struct smbcli_request *req,
 	SMBCLI_CHECK_WCT(req, 18 + parms->out.setup_count);
 
 	if (parms->out.setup_count > 0) {
-		int i;
-		parms->out.setup = talloc_array(mem_ctx, uint16_t, parms->out.setup_count);
+		parms->out.setup = talloc_array(mem_ctx, uint8_t, 
+						parms->out.setup_count*2);
 		if (!parms->out.setup) {
 			req->status = NT_STATUS_NO_MEMORY;
 			return smbcli_request_destroy(req);
 		}
-		for (i=0;i<parms->out.setup_count;i++) {
-			parms->out.setup[i] = SVAL(req->in.vwv, VWV(18+i));
-		}
+		memcpy(parms->out.setup, VWV(18) + (uint8_t *)req->out.vwv,
+		       sizeof(uint16_t) * parms->out.setup_count);
 	}
 	
 	while (recvd_data < total_data || 

source/smb_server/smb/nttrans.c

@@ -47,7 +47,7 @@ static NTSTATUS nttrans_setup_reply(struct nttrans_op *op,
 {
 	trans->out.setup_count = setup_count;
 	if (setup_count != 0) {
-		trans->out.setup = talloc_zero_array(op, uint16_t, setup_count);
+		trans->out.setup = talloc_zero_array(op, uint8_t, setup_count*2);
 		NT_STATUS_HAVE_NO_MEMORY(trans->out.setup);
 	}
 	trans->out.params = data_blob_talloc(op, NULL, param_size);
@@ -499,7 +499,6 @@ static void reply_nttrans_send(struct ntvfs_request *ntvfs)
 		uint16_t this_data, this_param, max_bytes;
 		uint_t align1 = 1, align2 = (params_left ? 2 : 0);
 		struct smbsrv_request *this_req;
-		int i;
 
 		max_bytes = req_max_data(req) - (align1 + align2);
 
@@ -539,10 +538,8 @@ static void reply_nttrans_send(struct ntvfs_request *ntvfs)
 		SIVAL(this_req->out.vwv, 31, PTR_DIFF(data, trans->out.data.data));
 
 		SCVAL(this_req->out.vwv, 35, trans->out.setup_count);
-		for (i=0;i<trans->out.setup_count;i++) {
-			SSVAL(this_req->out.vwv, VWV(18+i), trans->out.setup[i]);
-		}
-
+		memcpy((char *)(this_req->out.vwv) + VWV(18), trans->out.setup,
+		       sizeof(uint16_t) * trans->out.setup_count);
 		memset(this_req->out.data, 0, align1);
 		if (this_param != 0) {
 			memcpy(this_req->out.data + align1, params, this_param);
@@ -611,12 +608,11 @@ void smbsrv_reply_nttrans(struct smbsrv_request *req)
 	}
 
 	/* parse out the setup words */
-	trans->in.setup = talloc_array(req, uint16_t, trans->in.setup_count);
+	trans->in.setup = talloc_array(req, uint8_t, trans->in.setup_count*2);
 	if (!trans->in.setup) {
 		smbsrv_send_error(req, NT_STATUS_NO_MEMORY);
 		return;
 	}
-
 	memcpy(trans->in.setup, (char *)(req->in.vwv) + VWV(19),
 	       sizeof(uint16_t) * trans->in.setup_count);