@@ -143,9 +143,17 @@ smb2_cmd_read_async(struct smb2_context *smb2,
143143 return NULL ;
144144 }
145145
146- /* Add a vector for the buffer that the application gave us */
147- smb2_add_iovector (smb2 , & pdu -> in , req -> buf ,
148- req -> length , NULL );
146+ /* Add a vector for the reply buffer that the application gave us */
147+ if (req -> length ) {
148+ if (!req -> buf ) {
149+ /* need a place to put read data, so fail if app doesn't supply one */
150+ smb2_set_error (smb2 , "No buffer for read reply data" );
151+ smb2_free_pdu (smb2 , pdu );
152+ return NULL ;
153+ }
154+
155+ smb2_add_iovector (smb2 , & pdu -> in , req -> buf , req -> length , NULL );
156+ }
149157
150158 if (smb2_pad_to_64bit (smb2 , & pdu -> out ) != 0 ) {
151159 smb2_free_pdu (smb2 , pdu );
@@ -269,7 +277,7 @@ static void free_read_reply(struct smb2_context *smb2, void * payload) {
269277 if (payload == NULL ) {
270278 return ;
271279 }
272-
280+
273281 rep = (struct smb2_read_reply * )payload ;
274282 if (rep -> data_length != 0 && rep -> data != NULL ) {
275283 free (rep -> data );
@@ -313,7 +321,7 @@ smb2_process_read_request_fixed(struct smb2_context *smb2,
313321 return -1 ;
314322 }
315323
316- req = malloc ( sizeof (* req ));
324+ req = calloc ( 1 , sizeof (* req ));
317325 if (req == NULL ) {
318326 smb2_set_error (smb2 , "Failed to allocate read request" );
319327 return -1 ;
@@ -340,16 +348,6 @@ smb2_process_read_request_fixed(struct smb2_context *smb2,
340348 return -1 ;
341349 }
342350
343- /* provide an iovec to read the data into */
344- req -> buf = malloc (req -> length );
345- if (!req -> buf ) {
346- smb2_set_error (smb2 , "can not alloc for read reply data" );
347- pdu -> payload = NULL ;
348- free (req );
349- return -1 ;
350- }
351- smb2_add_iovector (smb2 , & pdu -> in , req -> buf , req -> length , free );
352-
353351 if (req -> read_channel_info_length == 0 ) {
354352 return 0 ;
355353 }
0 commit comments