From c4495dd52646adc84f3a83689191c7da9599d445 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 25 Apr 2019 10:57:58 +0200
Subject: [PATCH 1/2] s3:smbd: don't use recvfile on streams
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13938

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu May  9 20:43:53 UTC 2019 on sn-devel-184

(cherry picked from commit 219bc189472acff24410009ee16a409e0aaf8eef)
---
 source3/smbd/smb2_server.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 956c5f0ca09..0d7dc7e20b9 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -3499,6 +3499,9 @@ static bool is_smb2_recvfile_write(struct smbd_smb2_request_read_state *state)
 	if (IS_PRINT(fsp->conn)) {
 		return false;
 	}
+	if (fsp->base_fsp != NULL) {
+		return false;
+	}
 
 	DEBUG(10,("Doing recvfile write len = %u\n",
 		(unsigned int)(state->pktfull - state->pktlen)));
-- 
2.20.1


From cec7fa681f5283ea2a8f23837f0536ba755b165f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 9 May 2019 12:53:11 -0700
Subject: [PATCH 2/2] s3: SMB1: Don't allow recvfile on stream fsp's.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13938

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 10 01:14:02 UTC 2019 on sn-devel-184

(cherry picked from commit 667db8e8c7836c750085729f5062807669cbb204)
---
 source3/smbd/reply.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 405bd6ce004..a5fdcf6f4d6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -4973,6 +4973,10 @@ bool is_valid_writeX_buffer(struct smbXsrv_connection *xconn,
 		DEBUG(10,("is_valid_writeX_buffer: printing tid\n"));
 		return false;
 	}
+	if (fsp->base_fsp != NULL) {
+		DEBUG(10,("is_valid_writeX_buffer: stream fsp\n"));
+		return false;
+	}
 	doff = SVAL(inbuf,smb_vwv11);
 
 	numtowrite = SVAL(inbuf,smb_vwv10);
-- 
2.20.1