diff --git a/source/libcli/raw/interfaces.h b/source/libcli/raw/interfaces.h index c2f0c3530b9..60cefe6931e 100644 --- a/source/libcli/raw/interfaces.h +++ b/source/libcli/raw/interfaces.h @@ -2115,14 +2115,14 @@ struct smb_nttrans { uint32_t max_data; uint32_t setup_count; uint16_t function; - uint16_t *setup; + uint8_t *setup; DATA_BLOB params; DATA_BLOB data; } in; struct { - uint8_t setup_count; - uint16_t *setup; + uint8_t setup_count; /* in units of 16 bit words */ + uint8_t *setup; DATA_BLOB params; DATA_BLOB data; } out; diff --git a/source/libcli/raw/rawioctl.c b/source/libcli/raw/rawioctl.c index a9812022ea6..9477af4eb2c 100644 --- a/source/libcli/raw/rawioctl.c +++ b/source/libcli/raw/rawioctl.c @@ -79,7 +79,7 @@ static struct smbcli_request *smb_raw_ntioctl_send(struct smbcli_tree *tree, nt.in.max_param = 0; nt.in.max_data = parms->ntioctl.in.max_data; nt.in.setup_count = 4; - nt.in.setup = (uint16_t *)setup; + nt.in.setup = setup; SIVAL(setup, 0, parms->ntioctl.in.function); SSVAL(setup, 4, parms->ntioctl.in.file.fnum); SCVAL(setup, 6, parms->ntioctl.in.fsctl); diff --git a/source/libcli/raw/rawnotify.c b/source/libcli/raw/rawnotify.c index 5f3fa0f50ed..e847368f73e 100644 --- a/source/libcli/raw/rawnotify.c +++ b/source/libcli/raw/rawnotify.c @@ -28,7 +28,7 @@ change notify (async send) struct smbcli_request *smb_raw_changenotify_send(struct smbcli_tree *tree, union smb_notify *parms) { struct smb_nttrans nt; - uint16_t setup[4]; + uint8_t setup[8]; if (parms->nttrans.level != RAW_NOTIFY_NTTRANS) { return NULL; diff --git a/source/libcli/raw/rawtrans.c b/source/libcli/raw/rawtrans.c index 08d7483a872..164354c7011 100644 --- a/source/libcli/raw/rawtrans.c +++ b/source/libcli/raw/rawtrans.c 
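Review bot: In the `struct smb_nttrans` hunk of interfaces.h, the unit comment is added only to `out.setup_count`; `in.setup_count` and both `setup` pointers stay undocumented, although `setup` is now a byte buffer twice as long as the count. The later hunks allocate it as `setup_count*2` bytes and copy it with plain `memcpy`, so the field should say so, e.g. `uint8_t *setup; /* setup_count*2 bytes, in SMB wire byte order */`. I would also repeat `/* in units of 16 bit words */` on `in.setup_count`. Without this a caller can easily size or index the buffer by `setup_count` and cover only half of it.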
@@ -449,15 +449,14 @@ NTSTATUS smb_raw_nttrans_recv(struct smbcli_request *req, SMBCLI_CHECK_WCT(req, 18 + parms->out.setup_count); if (parms->out.setup_count > 0) { - int i; - parms->out.setup = talloc_array(mem_ctx, uint16_t, parms->out.setup_count); + parms->out.setup = talloc_array(mem_ctx, uint8_t, + parms->out.setup_count*2); if (!parms->out.setup) { req->status = NT_STATUS_NO_MEMORY; return smbcli_request_destroy(req); } - for (i=0;iout.setup_count;i++) { - parms->out.setup[i] = SVAL(req->in.vwv, VWV(18+i)); - } + memcpy(parms->out.setup, VWV(18) + (uint8_t *)req->out.vwv, + sizeof(uint16_t) * parms->out.setup_count); } while (recvd_data < total_data || diff --git a/source/smb_server/smb/nttrans.c b/source/smb_server/smb/nttrans.c index e85da29806b..9f44dbb98b8 100644 --- a/source/smb_server/smb/nttrans.c +++ b/source/smb_server/smb/nttrans.c @@ -47,7 +47,7 @@ static NTSTATUS nttrans_setup_reply(struct nttrans_op *op, { trans->out.setup_count = setup_count; if (setup_count != 0) { - trans->out.setup = talloc_zero_array(op, uint16_t, setup_count); + trans->out.setup = talloc_zero_array(op, uint8_t, setup_count*2); NT_STATUS_HAVE_NO_MEMORY(trans->out.setup); } trans->out.params = data_blob_talloc(op, NULL, param_size); @@ -499,7 +499,6 @@ static void reply_nttrans_send(struct ntvfs_request *ntvfs) uint16_t this_data, this_param, max_bytes; uint_t align1 = 1, align2 = (params_left ? 2 : 0); struct smbsrv_request *this_req; - int i; max_bytes = req_max_data(req) - (align1 + align2); 
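Review bot: In the `smb_raw_nttrans_recv` hunk, the new `memcpy` reads from `req->out.vwv`, whereas the loop it replaces read the reply words from `req->in.vwv`. The `SMBCLI_CHECK_WCT` call just above appears to validate the word count of the received packet, so a copy of `setup_count` words from the outgoing buffer is not covered by that check and returns request bytes instead of the server's setup words. This looks like a typo; the source operand should be `(uint8_t *)req->in.vwv + VWV(18)`. The function body extends beyond the hunk, so the rest of the receive path was not reviewed.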
@@ -539,10 +538,8 @@ static void reply_nttrans_send(struct ntvfs_request *ntvfs) SIVAL(this_req->out.vwv, 31, PTR_DIFF(data, trans->out.data.data)); SCVAL(this_req->out.vwv, 35, trans->out.setup_count); - for (i=0;iout.setup_count;i++) { - SSVAL(this_req->out.vwv, VWV(18+i), trans->out.setup[i]); - } - + memcpy((char *)(this_req->out.vwv) + VWV(18), trans->out.setup, + sizeof(uint16_t) * trans->out.setup_count); memset(this_req->out.data, 0, align1); if (this_param != 0) { memcpy(this_req->out.data + align1, params, this_param); @@ -611,12 +608,11 @@ void smbsrv_reply_nttrans(struct smbsrv_request *req) } /* parse out the setup words */ - trans->in.setup = talloc_array(req, uint16_t, trans->in.setup_count); + trans->in.setup = talloc_array(req, uint8_t, trans->in.setup_count*2); if (!trans->in.setup) { smbsrv_send_error(req, NT_STATUS_NO_MEMORY); return; } - memcpy(trans->in.setup, (char *)(req->in.vwv) + VWV(19), sizeof(uint16_t) * trans->in.setup_count);
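Review bot: In the `reply_nttrans_send` hunk, `memcpy` now writes `trans->out.setup` to the wire verbatim, where the removed loop converted each word with `SSVAL`. Any backend that still fills the reply with indexed stores such as `trans->out.setup[i] = v` keeps compiling against the new `uint8_t *` type, but silently truncates each value to one byte at the wrong offset. None of those producers are part of this diff, so they need to be audited and moved to the byte macros, e.g. `SSVAL(trans->out.setup, 2*i, v)`. The function starts and ends outside the hunk, so the sizing of `this_req->out.vwv` for `18 + setup_count` words could not be checked here.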