2725
2713
#endif /* HAVE_SYS_QUOTAS */
2727
/****************************************************************************
2728
Reply to a SMBNTtrans.
2729
****************************************************************************/
2731
int reply_nttrans(connection_struct *conn,
2732
char *inbuf,char *outbuf,int length,int bufsize)
2715
static int handle_nttrans(connection_struct *conn,
2716
struct trans_state *state,
2717
char *inbuf, char *outbuf, int size, int bufsize)
2735
uint32 max_data_count = IVAL(inbuf,smb_nt_MaxDataCount);
2736
#if 0 /* Not used. */
2737
uint16 max_setup_count = CVAL(inbuf, smb_nt_MaxSetupCount);
2738
uint32 max_parameter_count = IVAL(inbuf, smb_nt_MaxParameterCount);
2739
#endif /* Not used. */
2740
uint32 total_parameter_count = IVAL(inbuf, smb_nt_TotalParameterCount);
2741
uint32 total_data_count = IVAL(inbuf, smb_nt_TotalDataCount);
2742
uint32 parameter_count = IVAL(inbuf,smb_nt_ParameterCount);
2743
uint32 parameter_offset = IVAL(inbuf,smb_nt_ParameterOffset);
2744
uint32 data_count = IVAL(inbuf,smb_nt_DataCount);
2745
uint32 data_offset = IVAL(inbuf,smb_nt_DataOffset);
2746
uint16 setup_count = 2*CVAL(inbuf,smb_nt_SetupCount); /* setup count is in *words* */
2747
uint16 function_code = SVAL( inbuf, smb_nt_Function);
2748
char *params = NULL, *data = NULL, *setup = NULL;
2749
uint32 num_params_sofar, num_data_sofar;
2750
START_PROFILE(SMBnttrans);
2752
if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
2753
END_PROFILE(SMBnttrans);
2754
return ERROR_DOS(ERRSRV,ERRaccess);
2757
outsize = set_message(outbuf,0,0,True);
2760
* All nttrans messages we handle have smb_wct == 19 + setup_count.
2761
* Ensure this is so as a sanity check.
2764
if(CVAL(inbuf, smb_wct) != 19 + (setup_count/2)) {
2765
DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
2766
CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
2770
/* Don't allow more than 128mb for each value. */
2771
if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) {
2772
END_PROFILE(SMBnttrans);
2773
return ERROR_DOS(ERRDOS,ERRnomem);
2776
/* Allocate the space for the setup, the maximum needed parameters and data */
2778
if(setup_count > 0) {
2779
setup = (char *)SMB_MALLOC(setup_count);
2781
if (total_parameter_count > 0) {
2782
params = (char *)SMB_MALLOC(total_parameter_count);
2784
if (total_data_count > 0) {
2785
data = (char *)SMB_MALLOC(total_data_count);
2788
if ((total_parameter_count && !params) || (total_data_count && !data) ||
2789
(setup_count && !setup)) {
2793
DEBUG(0,("reply_nttrans : Out of memory\n"));
2794
END_PROFILE(SMBnttrans);
2795
return ERROR_DOS(ERRDOS,ERRnomem);
2798
/* Copy the param and data bytes sent with this request into the params buffer */
2799
num_params_sofar = parameter_count;
2800
num_data_sofar = data_count;
2802
if (parameter_count > total_parameter_count || data_count > total_data_count)
2806
DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
2807
if ((smb_nt_SetupStart + setup_count < smb_nt_SetupStart) ||
2808
(smb_nt_SetupStart + setup_count < setup_count)) {
2811
if (smb_nt_SetupStart + setup_count > length) {
2815
memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
2816
dump_data(10, setup, setup_count);
2819
DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
2820
if ((parameter_offset + parameter_count < parameter_offset) ||
2821
(parameter_offset + parameter_count < parameter_count)) {
2824
if ((smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length)||
2825
(smb_base(inbuf) + parameter_offset + parameter_count < smb_base(inbuf))) {
2829
memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
2830
dump_data(10, params, parameter_count);
2833
DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
2834
if ((data_offset + data_count < data_offset) || (data_offset + data_count < data_count)) {
2837
if ((smb_base(inbuf) + data_offset + data_count > inbuf + length) ||
2838
(smb_base(inbuf) + data_offset + data_count < smb_base(inbuf))) {
2842
memcpy( data, smb_base(inbuf) + data_offset, data_count);
2843
dump_data(10, data, data_count);
2846
srv_signing_trans_start(SVAL(inbuf,smb_mid));
2848
if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
2849
/* We need to send an interim response then receive the rest
2850
of the parameter/data bytes */
2851
outsize = set_message(outbuf,0,0,True);
2852
srv_signing_trans_stop();
2854
if (!send_smb(smbd_server_fd(),outbuf)) {
2855
exit_server("reply_nttrans: send_smb failed.");
2858
while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
2860
uint32 parameter_displacement;
2861
uint32 data_displacement;
2863
ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
2865
/* We need to re-calcuate the new length after we've read the secondary packet. */
2866
length = smb_len(inbuf) + 4;
2869
* The sequence number for the trans reply is always
2870
* based on the last secondary received.
2873
srv_signing_trans_start(SVAL(inbuf,smb_mid));
2875
if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
2876
outsize = set_message(outbuf,0,0,True);
2878
DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
2880
DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
2881
(smb_read_error == READ_ERROR) ? "error" : "timeout" ));
2886
/* Revise total_params and total_data in case they have changed downwards */
2887
if (IVAL(inbuf, smb_nts_TotalParameterCount) < total_parameter_count) {
2888
total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
2890
if (IVAL(inbuf, smb_nts_TotalDataCount) < total_data_count) {
2891
total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
2894
parameter_count = IVAL(inbuf,smb_nts_ParameterCount);
2895
parameter_offset = IVAL(inbuf, smb_nts_ParameterOffset);
2896
parameter_displacement = IVAL(inbuf, smb_nts_ParameterDisplacement);
2897
num_params_sofar += parameter_count;
2899
data_count = IVAL(inbuf, smb_nts_DataCount);
2900
data_displacement = IVAL(inbuf, smb_nts_DataDisplacement);
2901
data_offset = IVAL(inbuf, smb_nts_DataOffset);
2902
num_data_sofar += data_count;
2904
if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) {
2905
DEBUG(0,("reply_nttrans2: data overflow in secondary nttrans packet"));
2909
if (parameter_count) {
2910
if (parameter_displacement + parameter_count > total_parameter_count) {
2913
if ((parameter_displacement + parameter_count < parameter_displacement) ||
2914
(parameter_displacement + parameter_count < parameter_count)) {
2917
if (parameter_displacement > total_parameter_count) {
2920
if ((smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length) ||
2921
(smb_base(inbuf) + parameter_offset + parameter_count < smb_base(inbuf))) {
2924
if (parameter_displacement + params < params) {
2928
memcpy( ¶ms[parameter_displacement], smb_base(inbuf) + parameter_offset, parameter_count);
2932
if (data_displacement + data_count > total_data_count) {
2935
if ((data_displacement + data_count < data_displacement) ||
2936
(data_displacement + data_count < data_count)) {
2939
if (data_displacement > total_data_count) {
2942
if ((smb_base(inbuf) + data_offset + data_count > inbuf + length) ||
2943
(smb_base(inbuf) + data_offset + data_count < smb_base(inbuf))) {
2946
if (data_displacement + data < data) {
2950
memcpy( &data[data_displacement], smb_base(inbuf)+ data_offset, data_count);
2955
2721
if (Protocol >= PROTOCOL_NT1) {
2956
SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_IS_LONG_NAME);
2722
SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | 0x40); /* IS_LONG_NAME */
2959
2725
/* Now we must call the relevant NT_TRANS function */
2960
switch(function_code) {
2726
switch(state->call) {
2961
2727
case NT_TRANSACT_CREATE:
2962
2729
START_PROFILE_NESTED(NT_transact_create);
2963
2730
outsize = call_nt_transact_create(conn, inbuf, outbuf,
2965
&setup, setup_count,
2966
¶ms, total_parameter_count,
2967
&data, total_data_count, max_data_count);
2732
&state->setup, state->setup_count,
2733
&state->param, state->total_param,
2734
&state->data, state->total_data,
2735
state->max_data_return);
2968
2736
END_PROFILE_NESTED(NT_transact_create);
2970
2740
case NT_TRANSACT_IOCTL:
2971
2742
START_PROFILE_NESTED(NT_transact_ioctl);
2972
2743
outsize = call_nt_transact_ioctl(conn, inbuf, outbuf,
2974
&setup, setup_count,
2975
¶ms, total_parameter_count,
2976
&data, total_data_count, max_data_count);
2745
&state->setup, state->setup_count,
2746
&state->param, state->total_param,
2747
&state->data, state->total_data, state->max_data_return);
2977
2748
END_PROFILE_NESTED(NT_transact_ioctl);
2979
2752
case NT_TRANSACT_SET_SECURITY_DESC:
2980
2754
START_PROFILE_NESTED(NT_transact_set_security_desc);
2981
2755
outsize = call_nt_transact_set_security_desc(conn, inbuf, outbuf,
2983
&setup, setup_count,
2984
¶ms, total_parameter_count,
2985
&data, total_data_count, max_data_count);
2757
&state->setup, state->setup_count,
2758
&state->param, state->total_param,
2759
&state->data, state->total_data, state->max_data_return);
2986
2760
END_PROFILE_NESTED(NT_transact_set_security_desc);
2988
2764
case NT_TRANSACT_NOTIFY_CHANGE:
2989
2766
START_PROFILE_NESTED(NT_transact_notify_change);
2990
2767
outsize = call_nt_transact_notify_change(conn, inbuf, outbuf,
2992
&setup, setup_count,
2993
¶ms, total_parameter_count,
2994
&data, total_data_count, max_data_count);
2769
&state->setup, state->setup_count,
2770
&state->param, state->total_param,
2771
&state->data, state->total_data, state->max_data_return);
2995
2772
END_PROFILE_NESTED(NT_transact_notify_change);
2997
2776
case NT_TRANSACT_RENAME:
2998
2778
START_PROFILE_NESTED(NT_transact_rename);
2999
2779
outsize = call_nt_transact_rename(conn, inbuf, outbuf,
3001
&setup, setup_count,
3002
¶ms, total_parameter_count,
3003
&data, total_data_count, max_data_count);
2781
&state->setup, state->setup_count,
2782
&state->param, state->total_param,
2783
&state->data, state->total_data, state->max_data_return);
3004
2784
END_PROFILE_NESTED(NT_transact_rename);
3007
2788
case NT_TRANSACT_QUERY_SECURITY_DESC:
3008
2790
START_PROFILE_NESTED(NT_transact_query_security_desc);
3009
2791
outsize = call_nt_transact_query_security_desc(conn, inbuf, outbuf,
3011
&setup, setup_count,
3012
¶ms, total_parameter_count,
3013
&data, total_data_count, max_data_count);
2793
&state->setup, state->setup_count,
2794
&state->param, state->total_param,
2795
&state->data, state->total_data, state->max_data_return);
3014
2796
END_PROFILE_NESTED(NT_transact_query_security_desc);
3016
2800
#ifdef HAVE_SYS_QUOTAS
3017
2801
case NT_TRANSACT_GET_USER_QUOTA:
3018
2803
START_PROFILE_NESTED(NT_transact_get_user_quota);
3019
2804
outsize = call_nt_transact_get_user_quota(conn, inbuf, outbuf,
3021
&setup, setup_count,
3022
¶ms, total_parameter_count,
3023
&data, total_data_count, max_data_count);
2806
&state->setup, state->setup_count,
2807
&state->param, state->total_param,
2808
&state->data, state->total_data, state->max_data_return);
3024
2809
END_PROFILE_NESTED(NT_transact_get_user_quota);
3026
2813
case NT_TRANSACT_SET_USER_QUOTA:
3027
2815
START_PROFILE_NESTED(NT_transact_set_user_quota);
3028
2816
outsize = call_nt_transact_set_user_quota(conn, inbuf, outbuf,
3030
&setup, setup_count,
3031
¶ms, total_parameter_count,
3032
&data, total_data_count, max_data_count);
2818
&state->setup, state->setup_count,
2819
&state->param, state->total_param,
2820
&state->data, state->total_data, state->max_data_return);
3033
2821
END_PROFILE_NESTED(NT_transact_set_user_quota);
3035
2824
#endif /* HAVE_SYS_QUOTAS */
3037
2827
/* Error in request */
3038
DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n", function_code));
3042
END_PROFILE(SMBnttrans);
3043
srv_signing_trans_stop();
2828
DEBUG(0,("reply_nttrans: Unknown request %d in nttrans call\n",
3044
2830
return ERROR_DOS(ERRSRV,ERRerror);
3047
/* As we do not know how many data packets will need to be
3048
returned here the various call_nt_transact_xxxx calls
3049
must send their own. Thus a call_nt_transact_xxxx routine only
3050
returns a value other than -1 when it wants to send
3054
srv_signing_trans_stop();
3059
END_PROFILE(SMBnttrans);
3060
return outsize; /* If a correct response was needed the call_nt_transact_xxxx
3061
calls have already sent it. If outsize != -1 then it is
3062
returning an error packet. */
3066
srv_signing_trans_stop();
3070
END_PROFILE(SMBnttrans);
2835
/****************************************************************************
2836
Reply to a SMBNTtrans.
2837
****************************************************************************/
2839
int reply_nttrans(connection_struct *conn,
2840
char *inbuf,char *outbuf,int size,int bufsize)
2843
uint32 pscnt = IVAL(inbuf,smb_nt_ParameterCount);
2844
uint32 psoff = IVAL(inbuf,smb_nt_ParameterOffset);
2845
uint32 dscnt = IVAL(inbuf,smb_nt_DataCount);
2846
uint32 dsoff = IVAL(inbuf,smb_nt_DataOffset);
2848
uint16 function_code = SVAL( inbuf, smb_nt_Function);
2850
struct trans_state *state;
2852
START_PROFILE(SMBnttrans);
2854
if (IS_IPC(conn) && (function_code != NT_TRANSACT_CREATE)) {
2855
END_PROFILE(SMBnttrans);
2856
return ERROR_DOS(ERRSRV,ERRaccess);
2859
result = allow_new_trans(conn->pending_trans, SVAL(inbuf, smb_mid));
2860
if (!NT_STATUS_IS_OK(result)) {
2861
DEBUG(2, ("Got invalid nttrans request: %s\n", nt_errstr(result)));
2862
END_PROFILE(SMBnttrans);
2863
return ERROR_NT(result);
2866
if ((state = TALLOC_P(NULL, struct trans_state)) == NULL) {
2867
END_PROFILE(SMBnttrans);
2868
return ERROR_DOS(ERRSRV,ERRaccess);
2871
state->cmd = SMBnttrans;
2873
state->mid = SVAL(inbuf,smb_mid);
2874
state->vuid = SVAL(inbuf,smb_uid);
2875
state->total_data = IVAL(inbuf, smb_nt_TotalDataCount);
2877
state->total_param = IVAL(inbuf, smb_nt_TotalParameterCount);
2878
state->param = NULL;
2879
state->max_data_return = IVAL(inbuf,smb_nt_MaxDataCount);
2881
/* setup count is in *words* */
2882
state->setup_count = 2*CVAL(inbuf,smb_nt_SetupCount);
2883
state->call = function_code;
2886
* All nttrans messages we handle have smb_wct == 19 +
2887
* state->setup_count. Ensure this is so as a sanity check.
2890
if(CVAL(inbuf, smb_wct) != 19 + (state->setup_count/2)) {
2891
DEBUG(2,("Invalid smb_wct %d in nttrans call (should be %d)\n",
2892
CVAL(inbuf, smb_wct), 19 + (state->setup_count/2)));
2896
/* Don't allow more than 128mb for each value. */
2897
if ((state->total_data > (1024*1024*128)) ||
2898
(state->total_param > (1024*1024*128))) {
2899
END_PROFILE(SMBnttrans);
2900
return ERROR_DOS(ERRDOS,ERRnomem);
2903
if ((dscnt > state->total_data) || (pscnt > state->total_param))
2906
if (state->total_data) {
2907
/* Can't use talloc here, the core routines do realloc on the
2908
* params and data. */
2909
if ((state->data = SMB_MALLOC(state->total_data)) == NULL) {
2910
DEBUG(0,("reply_nttrans: data malloc fail for %u "
2911
"bytes !\n", (unsigned int)state->total_data));
2913
END_PROFILE(SMBnttrans);
2914
return(ERROR_DOS(ERRDOS,ERRnomem));
2916
if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
2918
if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) ||
2919
(smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf)))
2922
memcpy(state->data,smb_base(inbuf)+dsoff,dscnt);
2925
if (state->total_param) {
2926
/* Can't use talloc here, the core routines do realloc on the
2927
* params and data. */
2928
if ((state->param = SMB_MALLOC(state->total_param)) == NULL) {
2929
DEBUG(0,("reply_nttrans: param malloc fail for %u "
2930
"bytes !\n", (unsigned int)state->total_param));
2931
SAFE_FREE(state->data);
2933
END_PROFILE(SMBnttrans);
2934
return(ERROR_DOS(ERRDOS,ERRnomem));
2936
if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
2938
if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) ||
2939
(smb_base(inbuf)+psoff+pscnt < smb_base(inbuf)))
2942
memcpy(state->param,smb_base(inbuf)+psoff,pscnt);
2945
state->received_data = dscnt;
2946
state->received_param = pscnt;
2948
if(state->setup_count > 0) {
2949
DEBUG(10,("reply_nttrans: state->setup_count = %d\n",
2950
state->setup_count));
2951
state->setup = TALLOC(state, state->setup_count);
2952
if (state->setup == NULL) {
2953
DEBUG(0,("reply_nttrans : Out of memory\n"));
2954
SAFE_FREE(state->data);
2955
SAFE_FREE(state->param);
2957
END_PROFILE(SMBnttrans);
2958
return ERROR_DOS(ERRDOS,ERRnomem);
2961
if ((smb_nt_SetupStart + state->setup_count < smb_nt_SetupStart) ||
2962
(smb_nt_SetupStart + state->setup_count < state->setup_count)) {
2965
if (smb_nt_SetupStart + state->setup_count > size) {
2969
memcpy( state->setup, &inbuf[smb_nt_SetupStart], state->setup_count);
2970
dump_data(10, (char *)state->setup, state->setup_count);
2973
if ((state->received_data == state->total_data) &&
2974
(state->received_param == state->total_param)) {
2975
outsize = handle_nttrans(conn, state, inbuf, outbuf,
2977
SAFE_FREE(state->param);
2978
SAFE_FREE(state->data);
2980
END_PROFILE(SMBnttrans);
2984
DLIST_ADD(conn->pending_trans, state);
2986
/* We need to send an interim response then receive the rest
2987
of the parameter/data bytes */
2988
outsize = set_message(outbuf,0,0,False);
2990
END_PROFILE(SMBnttrans);
2995
DEBUG(0,("reply_nttrans: invalid trans parameters\n"));
2996
SAFE_FREE(state->data);
2997
SAFE_FREE(state->param);
2999
END_PROFILE(SMBnttrans);
3000
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
3003
/****************************************************************************
3004
Reply to a SMBnttranss
3005
****************************************************************************/
3007
int reply_nttranss(connection_struct *conn, char *inbuf,char *outbuf,
3008
int size,int bufsize)
3011
unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
3012
struct trans_state *state;
3014
START_PROFILE(SMBnttranss);
3018
for (state = conn->pending_trans; state != NULL;
3019
state = state->next) {
3020
if (state->mid == SVAL(inbuf,smb_mid)) {
3025
if ((state == NULL) || (state->cmd != SMBnttrans)) {
3026
END_PROFILE(SMBnttranss);
3027
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
3030
/* Revise state->total_param and state->total_data in case they have
3031
changed downwards */
3032
if (IVAL(inbuf, smb_nts_TotalParameterCount) < state->total_param) {
3033
state->total_param = IVAL(inbuf, smb_nts_TotalParameterCount);
3035
if (IVAL(inbuf, smb_nts_TotalDataCount) < state->total_data) {
3036
state->total_data = IVAL(inbuf, smb_nts_TotalDataCount);
3039
pcnt = IVAL(inbuf,smb_nts_ParameterCount);
3040
poff = IVAL(inbuf, smb_nts_ParameterOffset);
3041
pdisp = IVAL(inbuf, smb_nts_ParameterDisplacement);
3043
dcnt = IVAL(inbuf, smb_nts_DataCount);
3044
ddisp = IVAL(inbuf, smb_nts_DataDisplacement);
3045
doff = IVAL(inbuf, smb_nts_DataOffset);
3047
state->received_param += pcnt;
3048
state->received_data += dcnt;
3050
if ((state->received_data > state->total_data) ||
3051
(state->received_param > state->total_param))
3055
if (pdisp+pcnt > state->total_param)
3057
if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
3059
if (pdisp > state->total_param)
3061
if ((smb_base(inbuf) + poff + pcnt > inbuf + size) ||
3062
(smb_base(inbuf) + poff + pcnt < smb_base(inbuf)))
3064
if (state->param + pdisp < state->param)
3067
memcpy(state->param+pdisp,smb_base(inbuf)+poff,
3072
if (ddisp+dcnt > state->total_data)
3074
if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
3076
if (ddisp > state->total_data)
3078
if ((smb_base(inbuf) + doff + dcnt > inbuf + size) ||
3079
(smb_base(inbuf) + doff + dcnt < smb_base(inbuf)))
3081
if (state->data + ddisp < state->data)
3084
memcpy(state->data+ddisp, smb_base(inbuf)+doff,
3088
if ((state->received_param < state->total_param) ||
3089
(state->received_data < state->total_data)) {
3090
END_PROFILE(SMBnttranss);
3094
/* construct_reply_common has done us the favor to pre-fill the
3095
* command field with SMBnttranss which is wrong :-)
3097
SCVAL(outbuf,smb_com,SMBnttrans);
3099
outsize = handle_nttrans(conn, state, inbuf, outbuf,
3102
DLIST_REMOVE(conn->pending_trans, state);
3103
SAFE_FREE(state->data);
3104
SAFE_FREE(state->param);
3108
END_PROFILE(SMBnttranss);
3109
return(ERROR_DOS(ERRSRV,ERRnosupport));
3112
END_PROFILE(SMBnttranss);
3117
DEBUG(0,("reply_nttranss: invalid trans parameters\n"));
3118
DLIST_REMOVE(conn->pending_trans, state);
3119
SAFE_FREE(state->data);
3120
SAFE_FREE(state->param);
3122
END_PROFILE(SMBnttranss);
3071
3123
return ERROR_NT(NT_STATUS_INVALID_PARAMETER);