summaryrefslogtreecommitdiff
path: root/openwrt/package/samba/patches
diff options
context:
space:
mode:
Diffstat (limited to 'openwrt/package/samba/patches')
-rw-r--r--openwrt/package/samba/patches/100-samba.patch78
-rw-r--r--openwrt/package/samba/patches/200-security.patch69
-rw-r--r--openwrt/package/samba/patches/250-writex.patch152
3 files changed, 223 insertions, 76 deletions
diff --git a/openwrt/package/samba/patches/100-samba.patch b/openwrt/package/samba/patches/100-samba.patch
index 3d41af78e1..3bfeed3596 100644
--- a/openwrt/package/samba/patches/100-samba.patch
+++ b/openwrt/package/samba/patches/100-samba.patch
@@ -1,6 +1,6 @@
-diff -ur samba-2.0.10/source/include/smb.h samba/source/include/smb.h
---- samba-2.0.10/source/include/smb.h 2001-06-23 12:52:20.000000000 +0400
-+++ samba/source/include/smb.h 2005-05-21 21:09:03.204222704 +0400
+diff -ruN samba-2.0.10.orig/source/include/smb.h samba-2.0.10/source/include/smb.h
+--- samba-2.0.10.orig/source/include/smb.h 2001-06-23 10:52:20.000000000 +0200
++++ samba-2.0.10/source/include/smb.h 2006-03-06 22:21:12.000000000 +0100
@@ -115,6 +115,22 @@
* Usage:
* DEBUGADD( 2, ("Some additional text.\n") );
@@ -43,9 +43,9 @@ diff -ur samba-2.0.10/source/include/smb.h samba/source/include/smb.h
#define CAP_EXTENDED_SECURITY 0x80000000
/* protocol types. It assumes that higher protocols include lower protocols
-diff -ur samba-2.0.10/source/Makefile.in samba/source/Makefile.in
---- samba-2.0.10/source/Makefile.in 2000-03-17 01:57:08.000000000 +0300
-+++ samba/source/Makefile.in 2005-05-21 20:59:57.130238568 +0400
+diff -ruN samba-2.0.10.orig/source/Makefile.in samba-2.0.10/source/Makefile.in
+--- samba-2.0.10.orig/source/Makefile.in 2000-03-16 23:57:08.000000000 +0100
++++ samba-2.0.10/source/Makefile.in 2006-03-06 22:21:12.000000000 +0100
@@ -37,8 +37,8 @@
# set these to where to find various files
# These can be overridden by command line switches (see smbd(8))
@@ -172,9 +172,9 @@ diff -ur samba-2.0.10/source/Makefile.in samba/source/Makefile.in
-rmdir bin
distclean: realclean
-diff -ur samba-2.0.10/source/nmbd/nmbd_mynames.c samba/source/nmbd/nmbd_mynames.c
---- samba-2.0.10/source/nmbd/nmbd_mynames.c 2000-03-17 01:59:24.000000000 +0300
-+++ samba/source/nmbd/nmbd_mynames.c 2005-05-21 20:57:26.672111680 +0400
+diff -ruN samba-2.0.10.orig/source/nmbd/nmbd_mynames.c samba-2.0.10/source/nmbd/nmbd_mynames.c
+--- samba-2.0.10.orig/source/nmbd/nmbd_mynames.c 2000-03-16 23:59:24.000000000 +0100
++++ samba-2.0.10/source/nmbd/nmbd_mynames.c 2006-03-06 22:21:12.000000000 +0100
@@ -215,8 +215,8 @@
*/
if( !is_refresh_already_queued( subrec, namerec) )
@@ -186,9 +186,9 @@ diff -ur samba-2.0.10/source/nmbd/nmbd_mynames.c samba/source/nmbd/nmbd_mynames.
}
}
}
-diff -ur samba-2.0.10/source/smbd/close.c samba/source/smbd/close.c
---- samba-2.0.10/source/smbd/close.c 2000-04-21 21:43:13.000000000 +0400
-+++ samba/source/smbd/close.c 2005-05-21 19:44:59.516979712 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/close.c samba-2.0.10/source/smbd/close.c
+--- samba-2.0.10.orig/source/smbd/close.c 2000-04-21 19:43:13.000000000 +0200
++++ samba-2.0.10/source/smbd/close.c 2006-03-06 22:21:12.000000000 +0100
@@ -122,11 +122,11 @@
last_reference = True;
@@ -203,9 +203,9 @@ diff -ur samba-2.0.10/source/smbd/close.c samba/source/smbd/close.c
/* check for magic scripts */
if (normal_close) {
check_magic(fsp,conn);
-diff -ur samba-2.0.10/source/smbd/ipc.c samba/source/smbd/ipc.c
---- samba-2.0.10/source/smbd/ipc.c 2000-03-30 02:20:06.000000000 +0400
-+++ samba/source/smbd/ipc.c 2005-05-21 19:44:59.559973176 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/ipc.c samba-2.0.10/source/smbd/ipc.c
+--- samba-2.0.10.orig/source/smbd/ipc.c 2000-03-30 00:20:06.000000000 +0200
++++ samba-2.0.10/source/smbd/ipc.c 2006-03-06 22:21:12.000000000 +0100
@@ -472,7 +472,7 @@
PACK(desc,t,v);
}
@@ -290,9 +290,9 @@ diff -ur samba-2.0.10/source/smbd/ipc.c samba/source/smbd/ipc.c
{"SamOEMChangePassword", 214, api_SamOEMChangePassword,0},
{NULL, -1, api_Unsupported,0}};
-diff -ur samba-2.0.10/source/smbd/negprot.c samba/source/smbd/negprot.c
---- samba-2.0.10/source/smbd/negprot.c 2000-03-17 01:59:47.000000000 +0300
-+++ samba/source/smbd/negprot.c 2005-05-21 21:09:16.025273608 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/negprot.c samba-2.0.10/source/smbd/negprot.c
+--- samba-2.0.10.orig/source/smbd/negprot.c 2000-03-16 23:59:47.000000000 +0100
++++ samba-2.0.10/source/smbd/negprot.c 2006-03-06 22:21:12.000000000 +0100
@@ -160,7 +160,7 @@
/* dual names + lock_and_read + nt SMBs + remote API calls */
int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|
@@ -302,9 +302,9 @@ diff -ur samba-2.0.10/source/smbd/negprot.c samba/source/smbd/negprot.c
/*
-diff -ur samba-2.0.10/source/smbd/password.c samba/source/smbd/password.c
---- samba-2.0.10/source/smbd/password.c 2000-03-17 01:59:48.000000000 +0300
-+++ samba/source/smbd/password.c 2005-05-21 19:44:59.562972720 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/password.c samba-2.0.10/source/smbd/password.c
+--- samba-2.0.10.orig/source/smbd/password.c 2000-03-16 23:59:48.000000000 +0100
++++ samba-2.0.10/source/smbd/password.c 2006-03-06 22:21:12.000000000 +0100
@@ -1149,7 +1149,7 @@
return(True);
@@ -319,9 +319,9 @@ diff -ur samba-2.0.10/source/smbd/password.c samba/source/smbd/password.c
return True;
}
+#endif
-diff -ur samba-2.0.10/source/smbd/process.c samba/source/smbd/process.c
---- samba-2.0.10/source/smbd/process.c 2000-04-15 04:21:27.000000000 +0400
-+++ samba/source/smbd/process.c 2005-05-21 19:44:59.583969528 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/process.c samba-2.0.10/source/smbd/process.c
+--- samba-2.0.10.orig/source/smbd/process.c 2000-04-15 02:21:27.000000000 +0200
++++ samba-2.0.10/source/smbd/process.c 2006-03-06 22:21:12.000000000 +0100
@@ -343,10 +343,12 @@
{SMBlseek,"SMBlseek",reply_lseek,AS_USER},
{SMBflush,"SMBflush",reply_flush,AS_USER},
@@ -353,9 +353,9 @@ diff -ur samba-2.0.10/source/smbd/process.c samba/source/smbd/process.c
/*
* Check to see if we have any blocking locks
* outstanding on the queue.
-diff -ur samba-2.0.10/source/smbd/reply.c samba/source/smbd/reply.c
---- samba-2.0.10/source/smbd/reply.c 2001-06-23 12:51:24.000000000 +0400
-+++ samba/source/smbd/reply.c 2005-05-21 19:44:59.628962688 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/reply.c samba-2.0.10/source/smbd/reply.c
+--- samba-2.0.10.orig/source/smbd/reply.c 2001-06-23 10:51:24.000000000 +0200
++++ samba-2.0.10/source/smbd/reply.c 2006-03-06 22:21:12.000000000 +0100
@@ -597,12 +597,12 @@
if (!check_domain_match(orig_user, domain))
@@ -389,9 +389,9 @@ diff -ur samba-2.0.10/source/smbd/reply.c samba/source/smbd/reply.c
/****************************************************************************
reply to a mkdir
-diff -ur samba-2.0.10/source/smbd/server.c samba/source/smbd/server.c
---- samba-2.0.10/source/smbd/server.c 2000-03-17 01:59:52.000000000 +0300
-+++ samba/source/smbd/server.c 2005-05-21 19:44:59.649959496 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/server.c samba-2.0.10/source/smbd/server.c
+--- samba-2.0.10.orig/source/smbd/server.c 2000-03-16 23:59:52.000000000 +0100
++++ samba-2.0.10/source/smbd/server.c 2006-03-06 22:21:12.000000000 +0100
@@ -300,9 +300,9 @@
lp_killunused(conn_snum_used);
@@ -404,9 +404,9 @@ diff -ur samba-2.0.10/source/smbd/server.c samba/source/smbd/server.c
/* perhaps the config filename is now set */
if (!test)
reload_services(True);
-diff -ur samba-2.0.10/source/smbd/service.c samba/source/smbd/service.c
---- samba-2.0.10/source/smbd/service.c 2000-03-17 01:59:52.000000000 +0300
-+++ samba/source/smbd/service.c 2005-05-21 19:44:59.670956304 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/service.c samba-2.0.10/source/smbd/service.c
+--- samba-2.0.10.orig/source/smbd/service.c 2000-03-16 23:59:52.000000000 +0100
++++ samba-2.0.10/source/smbd/service.c 2006-03-06 22:21:12.000000000 +0100
@@ -121,7 +121,7 @@
}
}
@@ -425,9 +425,9 @@ diff -ur samba-2.0.10/source/smbd/service.c samba/source/smbd/service.c
/* just possibly it's a default service? */
if (iService < 0)
{
-diff -ur samba-2.0.10/source/utils/smbpasswd.c samba/source/utils/smbpasswd.c
---- samba-2.0.10/source/utils/smbpasswd.c 2000-03-17 01:59:57.000000000 +0300
-+++ samba/source/utils/smbpasswd.c 2005-05-21 19:44:59.671956152 +0400
+diff -ruN samba-2.0.10.orig/source/utils/smbpasswd.c samba-2.0.10/source/utils/smbpasswd.c
+--- samba-2.0.10.orig/source/utils/smbpasswd.c 2000-03-16 23:59:57.000000000 +0100
++++ samba-2.0.10/source/utils/smbpasswd.c 2006-03-06 22:21:12.000000000 +0100
@@ -71,7 +71,7 @@
}
exit(1);
@@ -462,9 +462,9 @@ diff -ur samba-2.0.10/source/utils/smbpasswd.c samba/source/utils/smbpasswd.c
/*
* Deal with root - can add a user, but only locally.
*/
-diff -ur samba-2.0.10/source/web/swat.c samba/source/web/swat.c
---- samba-2.0.10/source/web/swat.c 2000-04-11 21:36:36.000000000 +0400
-+++ samba/source/web/swat.c 2005-05-21 19:44:59.692952960 +0400
+diff -ruN samba-2.0.10.orig/source/web/swat.c samba-2.0.10/source/web/swat.c
+--- samba-2.0.10.orig/source/web/swat.c 2000-04-11 19:36:36.000000000 +0200
++++ samba-2.0.10/source/web/swat.c 2006-03-06 22:21:12.000000000 +0100
@@ -357,8 +357,9 @@
return 0;
}
diff --git a/openwrt/package/samba/patches/200-security.patch b/openwrt/package/samba/patches/200-security.patch
index 7fb34f94f2..8e51549e1a 100644
--- a/openwrt/package/samba/patches/200-security.patch
+++ b/openwrt/package/samba/patches/200-security.patch
@@ -1,7 +1,7 @@
-diff -ur samba-2.0.10/source/include/smb.h samba-2.0.10-security/source/include/smb.h
---- samba-2.0.10/source/include/smb.h 2001-06-23 12:52:20.000000000 +0400
-+++ samba-2.0.10-security/source/include/smb.h 2005-05-21 21:51:17.206995728 +0400
-@@ -256,6 +256,7 @@
+diff -ruN samba-2.0.10.orig/source/include/smb.h samba-2.0.10/source/include/smb.h
+--- samba-2.0.10.orig/source/include/smb.h 2006-03-06 22:25:08.000000000 +0100
++++ samba-2.0.10/source/include/smb.h 2006-03-06 22:25:53.000000000 +0100
+@@ -272,6 +272,7 @@
#define ERRlock 33 /* Lock request conflicts with existing lock */
#define ERRunsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */
#define ERRfilexists 80 /* File in operation already exists */
@@ -9,7 +9,7 @@ diff -ur samba-2.0.10/source/include/smb.h samba-2.0.10-security/source/include/
#define ERRcannotopen 110 /* Cannot open the file specified */
#define ERRunknownlevel 124
#define ERRrename 183
-@@ -1893,4 +1894,7 @@
+@@ -1911,4 +1912,7 @@
#define SAFE_NETBIOS_CHARS ". -_"
@@ -17,15 +17,15 @@ diff -ur samba-2.0.10/source/include/smb.h samba-2.0.10-security/source/include/
+#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0)
+#endif
#endif /* _SMB_H */
-diff -ur samba-2.0.10/source/include/version.h samba-2.0.10-security/source/include/version.h
---- samba-2.0.10/source/include/version.h 2001-06-23 17:23:59.000000000 +0400
-+++ samba-2.0.10-security/source/include/version.h 2005-05-21 21:51:17.227992536 +0400
+diff -ruN samba-2.0.10.orig/source/include/version.h samba-2.0.10/source/include/version.h
+--- samba-2.0.10.orig/source/include/version.h 2001-06-23 15:23:59.000000000 +0200
++++ samba-2.0.10/source/include/version.h 2006-03-06 22:25:53.000000000 +0100
@@ -1 +1 @@
-#define VERSION "2.0.10"
+#define VERSION "2.0.10-security-rollup"
-diff -ur samba-2.0.10/source/smbd/filename.c samba-2.0.10-security/source/smbd/filename.c
---- samba-2.0.10/source/smbd/filename.c 2000-03-17 01:59:44.000000000 +0300
-+++ samba-2.0.10-security/source/smbd/filename.c 2005-05-21 21:51:17.403965784 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/filename.c samba-2.0.10/source/smbd/filename.c
+--- samba-2.0.10.orig/source/smbd/filename.c 2000-03-16 23:59:44.000000000 +0100
++++ samba-2.0.10/source/smbd/filename.c 2006-03-06 22:25:53.000000000 +0100
@@ -172,7 +172,7 @@
* StrnCpy always null terminates.
*/
@@ -35,10 +35,10 @@ diff -ur samba-2.0.10/source/smbd/filename.c samba-2.0.10-security/source/smbd/f
if(!case_sensitive)
strupper( orig_name );
-diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
---- samba-2.0.10/source/smbd/ipc.c 2000-03-30 02:20:06.000000000 +0400
-+++ samba-2.0.10-security/source/smbd/ipc.c 2005-05-21 21:51:17.269986152 +0400
-@@ -3550,18 +3550,18 @@
+diff -ruN samba-2.0.10.orig/source/smbd/ipc.c samba-2.0.10/source/smbd/ipc.c
+--- samba-2.0.10.orig/source/smbd/ipc.c 2006-03-06 22:25:08.000000000 +0100
++++ samba-2.0.10/source/smbd/ipc.c 2006-03-06 22:25:53.000000000 +0100
+@@ -3556,18 +3556,18 @@
uint16 *setup=NULL;
int outsize = 0;
uint16 vuid = SVAL(inbuf,smb_uid);
@@ -67,7 +67,7 @@ diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
memset(name, '\0',sizeof(name));
fstrcpy(name,smb_buf(inbuf));
-@@ -3572,31 +3572,48 @@
+@@ -3578,26 +3578,44 @@
if (tdscnt) {
if((data = (char *)malloc(tdscnt)) == NULL) {
@@ -117,12 +117,7 @@ diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
for (i=0;i<suwcnt;i++)
setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
}
-
--
- if (pscnt < tpscnt || dscnt < tdscnt) {
- /* We need to send an interim response then receive the rest
- of the parameter/data bytes */
-@@ -3608,7 +3625,7 @@
+@@ -3614,7 +3632,7 @@
/* receive the rest of the trans packet */
while (pscnt < tpscnt || dscnt < tdscnt) {
BOOL ret;
@@ -131,7 +126,7 @@ diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
-@@ -3619,19 +3636,19 @@
+@@ -3625,19 +3643,19 @@
DEBUG(0,("reply_trans: %s in getting secondary trans response.\n",
(smb_read_error == READ_ERROR) ? "error" : "timeout" ));
}
@@ -159,7 +154,7 @@ diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
pcnt = SVAL(inbuf,smb_vwv2);
poff = SVAL(inbuf,smb_vwv3);
-@@ -3644,17 +3661,36 @@
+@@ -3650,17 +3668,36 @@
pscnt += pcnt;
dscnt += dcnt;
@@ -203,7 +198,7 @@ diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",
name,tdscnt,tpscnt,suwcnt));
-@@ -3694,4 +3730,12 @@
+@@ -3700,4 +3737,12 @@
return(ERROR(ERRSRV,ERRnosupport));
return(outsize);
@@ -216,9 +211,9 @@ diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
+ SAFE_FREE(setup);
+ return(ERROR(ERRSRV,ERRerror));
}
-diff -ur samba-2.0.10/source/smbd/nttrans.c samba-2.0.10-security/source/smbd/nttrans.c
---- samba-2.0.10/source/smbd/nttrans.c 2000-04-24 21:27:30.000000000 +0400
-+++ samba-2.0.10-security/source/smbd/nttrans.c 2005-05-21 21:51:17.314979312 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/nttrans.c samba-2.0.10/source/smbd/nttrans.c
+--- samba-2.0.10.orig/source/smbd/nttrans.c 2000-04-24 19:27:30.000000000 +0200
++++ samba-2.0.10/source/smbd/nttrans.c 2006-03-06 22:25:53.000000000 +0100
@@ -2575,11 +2575,14 @@
params = (char *)malloc(total_parameter_count);
if (total_data_count > 0)
@@ -394,9 +389,9 @@ diff -ur samba-2.0.10/source/smbd/nttrans.c samba-2.0.10-security/source/smbd/nt
+ SAFE_FREE(setup);
+ return ERROR(ERRDOS,ERRinvalidparam);
}
-diff -ur samba-2.0.10/source/smbd/password.c samba-2.0.10-security/source/smbd/password.c
---- samba-2.0.10/source/smbd/password.c 2000-03-17 01:59:48.000000000 +0300
-+++ samba-2.0.10-security/source/smbd/password.c 2005-05-21 21:51:17.336975968 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/password.c samba-2.0.10/source/smbd/password.c
+--- samba-2.0.10.orig/source/smbd/password.c 2006-03-06 22:25:08.000000000 +0100
++++ samba-2.0.10/source/smbd/password.c 2006-03-06 22:25:53.000000000 +0100
@@ -770,7 +770,7 @@
if (!ok && lp_username(snum)) {
char *auser;
@@ -406,9 +401,9 @@ diff -ur samba-2.0.10/source/smbd/password.c samba-2.0.10-security/source/smbd/p
pstring_sub(user_list,"%S",lp_servicename(snum));
-diff -ur samba-2.0.10/source/smbd/reply.c samba-2.0.10-security/source/smbd/reply.c
---- samba-2.0.10/source/smbd/reply.c 2001-06-23 12:51:24.000000000 +0400
-+++ samba-2.0.10-security/source/smbd/reply.c 2005-05-21 21:51:17.378969584 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/reply.c samba-2.0.10/source/smbd/reply.c
+--- samba-2.0.10.orig/source/smbd/reply.c 2006-03-06 22:25:08.000000000 +0100
++++ samba-2.0.10/source/smbd/reply.c 2006-03-06 22:25:53.000000000 +0100
@@ -1413,6 +1413,9 @@
for (i=numentries;(i<maxentries) && !finished;i++)
@@ -429,9 +424,9 @@ diff -ur samba-2.0.10/source/smbd/reply.c samba-2.0.10-security/source/smbd/repl
put_dos_date2(p,0,queue[i].time);
CVAL(p,4) = (queue[i].status==LPQ_PRINTING?2:3);
SSVAL(p,5,printjob_encode(SNUM(conn),
-diff -ur samba-2.0.10/source/smbd/trans2.c samba-2.0.10-security/source/smbd/trans2.c
---- samba-2.0.10/source/smbd/trans2.c 2000-04-24 21:27:31.000000000 +0400
-+++ samba-2.0.10-security/source/smbd/trans2.c 2005-05-21 21:51:17.402965936 +0400
+diff -ruN samba-2.0.10.orig/source/smbd/trans2.c samba-2.0.10/source/smbd/trans2.c
+--- samba-2.0.10.orig/source/smbd/trans2.c 2000-04-24 19:27:31.000000000 +0200
++++ samba-2.0.10/source/smbd/trans2.c 2006-03-06 22:25:53.000000000 +0100
@@ -201,7 +201,6 @@
int16 open_ofun = SVAL(params,12);
int32 open_size = IVAL(params,14);
diff --git a/openwrt/package/samba/patches/250-writex.patch b/openwrt/package/samba/patches/250-writex.patch
new file mode 100644
index 0000000000..ed0495e92b
--- /dev/null
+++ b/openwrt/package/samba/patches/250-writex.patch
@@ -0,0 +1,152 @@
+diff -ruN samba-2.0.10.orig/source/include/smb.h samba-2.0.10/source/include/smb.h
+--- samba-2.0.10.orig/source/include/smb.h 2006-03-06 22:25:53.000000000 +0100
++++ samba-2.0.10/source/include/smb.h 2006-03-06 22:27:31.000000000 +0100
+@@ -24,8 +24,14 @@
+ #ifndef _SMB_H
+ #define _SMB_H
+
++#if defined(LARGE_SMB_OFF_T)
++#define BUFFER_SIZE (128*1024)
++#else /* no large readwrite possible */
+ #define BUFFER_SIZE (0xFFFF)
++#endif
++
+ #define SAFETY_MARGIN 1024
++#define LARGE_WRITEX_HDR_SIZE 65
+
+ #define NMB_PORT 137
+ #define DGRAM_PORT 138
+diff -ruN samba-2.0.10.orig/source/lib/util_sock.c samba-2.0.10/source/lib/util_sock.c
+--- samba-2.0.10.orig/source/lib/util_sock.c 2000-03-16 23:59:18.000000000 +0100
++++ samba-2.0.10/source/lib/util_sock.c 2006-03-06 22:27:31.000000000 +0100
+@@ -649,19 +649,21 @@
+ memset(buffer,'\0',smb_size + 100);
+
+ len = read_smb_length_return_keepalive(fd,buffer,timeout);
+- if (len < 0)
+- {
++ if (len < 0) {
+ DEBUG(10,("receive_smb: length < 0!\n"));
+ return(False);
+ }
+
+- if (len > BUFFER_SIZE) {
++ /*
++ * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
++ * of header. Don't print the error if this fits.... JRA.
++ */
++
++ if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+ DEBUG(0,("Invalid packet length! (%d bytes).\n",len));
+ if (len > BUFFER_SIZE + (SAFETY_MARGIN/2))
+- {
+ exit(1);
+ }
+- }
+
+ if(len > 0) {
+ ret = read_socket_data(fd,buffer+4,len);
+diff -ruN samba-2.0.10.orig/source/smbd/oplock.c samba-2.0.10/source/smbd/oplock.c
+--- samba-2.0.10.orig/source/smbd/oplock.c 2000-04-25 04:32:14.000000000 +0200
++++ samba-2.0.10/source/smbd/oplock.c 2006-03-06 22:27:31.000000000 +0100
+@@ -887,13 +887,13 @@
+ messages crossing on the wire.
+ */
+
+- if((inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)
++ if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL)
+ {
+ DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
+ return False;
+ }
+
+- if((outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)
++ if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL)
+ {
+ DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
+ free(inbuf);
+diff -ruN samba-2.0.10.orig/source/smbd/process.c samba-2.0.10/source/smbd/process.c
+--- samba-2.0.10.orig/source/smbd/process.c 2006-03-06 22:25:28.000000000 +0100
++++ samba-2.0.10/source/smbd/process.c 2006-03-06 22:27:31.000000000 +0100
+@@ -995,8 +995,8 @@
+ time_t last_timeout_processing_time = time(NULL);
+ unsigned int num_smbs = 0;
+
+- InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+- OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
++ InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
++ OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
+ if ((InBuffer == NULL) || (OutBuffer == NULL))
+ return;
+
+@@ -1027,7 +1027,7 @@
+ /* free up temporary memory */
+ lp_talloc_free();
+
+- while(!receive_message_or_smb(InBuffer,BUFFER_SIZE,select_timeout,&got_smb))
++ while(!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout,&got_smb))
+ {
+ if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
+ return;
+diff -ruN samba-2.0.10.orig/source/smbd/reply.c samba-2.0.10/source/smbd/reply.c
+--- samba-2.0.10.orig/source/smbd/reply.c 2006-03-06 22:25:53.000000000 +0100
++++ samba-2.0.10/source/smbd/reply.c 2006-03-06 22:27:31.000000000 +0100
+@@ -2551,17 +2551,28 @@
+ size_t numtowrite = SVAL(inbuf,smb_vwv10);
+ BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
+ ssize_t nwritten = -1;
+- int smb_doff = SVAL(inbuf,smb_vwv11);
++ unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
++ unsigned int smblen = smb_len(inbuf);
+ char *data;
++ BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
+
+ /* If it's an IPC, pass off the pipe handler. */
+- if (IS_IPC(conn))
++ if (IS_IPC(conn)) {
+ return reply_pipe_write_and_X(inbuf,outbuf,length,bufsize);
++ }
+
+ CHECK_FSP(fsp,conn);
+ CHECK_WRITE(fsp);
+ CHECK_ERROR(fsp);
+
++ /* Deal with possible LARGE_WRITEX */
++ if (large_writeX)
++ numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
++
++ if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
++ return(ERROR(ERRDOS,ERRbadmem));
++ }
++
+ data = smb_base(inbuf) + smb_doff;
+
+ if(CVAL(inbuf,smb_wct) == 14) {
+@@ -2586,8 +2597,9 @@
+ #endif /* LARGE_SMB_OFF_T */
+ }
+
+- if (is_locked(fsp,conn,numtowrite,startpos, F_WRLCK))
++ if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
+ return(ERROR(ERRDOS,ERRlock));
++ }
+
+ /* X/Open SMB protocol says that, unlike SMBwrite
+ if the length is zero then NO truncation is
+@@ -2598,12 +2610,15 @@
+ else
+ nwritten = write_file(fsp,data,startpos,numtowrite);
+
+- if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0))
++ if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
+ return(UNIXERROR(ERRDOS,ERRnoaccess));
++ }
+
+ set_message(outbuf,6,0,True);
+
+ SSVAL(outbuf,smb_vwv2,nwritten);
++ if (large_writeX)
++ SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
+
+ if (nwritten < (ssize_t)numtowrite) {
+ CVAL(outbuf,smb_rcls) = ERRHRD;