X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/blobdiff_plain/77eba444ee5c335c9a10f0b1b824efdbf4f93f7a..e54488bbec5c9f80e95cedd395b0e3d31fde253d:/sys/netproto/smb/smb_smb.c

diff --git a/sys/netproto/smb/smb_smb.c b/sys/netproto/smb/smb_smb.c
index 52bd0bbb87..40368ffe68 100644
--- a/sys/netproto/smb/smb_smb.c
+++ b/sys/netproto/smb/smb_smb.c
@@ -30,7 +30,7 @@
  * SUCH DAMAGE.
  *
  * $FreeBSD: src/sys/netsmb/smb_smb.c,v 1.1.2.3 2002/12/14 14:44:19 fjoe Exp $
- * $DragonFly: src/sys/netproto/smb/smb_smb.c,v 1.6 2006/09/05 00:55:49 dillon Exp $
+ * $DragonFly: src/sys/netproto/smb/smb_smb.c,v 1.7 2007/08/21 17:26:47 dillon Exp $
  */
 /*
  * various SMB requests. Most of the routines merely packs data into mbufs.
@@ -46,6 +46,7 @@
 #include <sys/uio.h>
 
 #include <sys/iconv.h>
+#include <machine/limits.h>
 
 #include "smb.h"
 #include "smb_subr.h"
@@ -509,7 +510,7 @@ smb_smb_read(struct smb_share *ssp, u_int16_t fid,
 	mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
 	mb_put_uint16le(mbp, rlen);
 	mb_put_uint32le(mbp, uio->uio_offset);
-	mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
+	mb_put_uint16le(mbp, (unsigned short)szmin(uio->uio_resid, 0xffff));
 	smb_rq_wend(rqp);
 	smb_rq_bstart(rqp);
 	smb_rq_bend(rqp);
@@ -545,16 +546,17 @@ int
 smb_read(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
 	struct smb_cred *scred)
 {
-	int tsize, len, resid;
+	int len, resid;
 	int error = 0;
 
-	tsize = uio->uio_resid;
-	while (tsize > 0) {
-		len = tsize;
+	while (uio->uio_resid > 0) {
+		if (uio->uio_resid > INT_MAX)
+			len = INT_MAX;
+		else
+			len = (int)uio->uio_resid;
 		error = smb_smb_read(ssp, fid, &len, &resid, uio, scred);
 		if (error)
 			break;
-		tsize -= resid;
 		if (resid < len)
 			break;
 	}
@@ -572,6 +574,9 @@ smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
 	u_int8_t wc;
 	int error, blksz;
 
+	/* write data must be real */
+	KKASSERT(uio->uio_segflg != UIO_NOCOPY);
+
 	blksz = SSTOVC(ssp)->vc_txmax - SMB_HDRLEN - 16;
 	if (blksz > 0xffff)
 		blksz = 0xffff;
@@ -586,7 +591,7 @@ smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid,
 	mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM);
 	mb_put_uint16le(mbp, resid);
 	mb_put_uint32le(mbp, uio->uio_offset);
-	mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff));
+	mb_put_uint16le(mbp, (unsigned short)szmin(uio->uio_resid, 0xffff));
 	smb_rq_wend(rqp);
 	smb_rq_bstart(rqp);
 	mb_put_uint8(mbp, SMB_DT_DATA);
@@ -616,13 +621,15 @@ int
 smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
 	struct smb_cred *scred)
 {
-	int error = 0, len, tsize, resid;
+	int error = 0, len, resid;
 	struct uio olduio;
 
-	tsize = uio->uio_resid;
 	olduio = *uio;
-	while (tsize > 0) {
-		len = tsize;
+	while (uio->uio_resid > 0) {
+		if (uio->uio_resid > INT_MAX)
+			len = INT_MAX;
+		else
+			len = (int)uio->uio_resid;
 		error = smb_smb_write(ssp, fid, &len, &resid, uio, scred);
 		if (error)
 			break;
@@ -630,7 +637,6 @@ smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio,
 			error = EIO;
 			break;
 		}
-		tsize -= resid;
 	}
 	if (error) {
 		/*