pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg/38300: samba + NetBSD smbfs trouble
The following reply was made to PR pkg/38300; it has been noted by GNATS.
From: "Dave J. Barnes" <djb.pizza%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: pkg/38300: samba + NetBSD smbfs trouble
Date: Wed, 26 Mar 2008 22:07:53 -0500
gnats-admin%netbsd.org@localhost wrote:
> Thank you very much for your problem report.
> It has the internal identification `pkg/38300'.
> The individual assigned to look at your
> report is: pkg-manager.
>
>
>> Category: pkg
>> Responsible: pkg-manager
>> Synopsis: samba + NetBSD smbfs trouble
>> Arrival-Date: Wed Mar 26 09:30:00 +0000 2008
>>
>
>
>
Followup:
Problem in Samba -- fixed in 3.0.27a and later.
The following diff seems to work for 3.0.26:
diff -u -r source-orig/smbd/negprot.c source/smbd/negprot.c
--- source-orig/smbd/negprot.c 2007-11-14 19:15:04.000000000 -0800
+++ source/smbd/negprot.c 2007-11-16 11:53:31.000000000 -0800
@@ -346,7 +346,7 @@
SCVAL(outbuf,smb_vwv16+1,8);
p += 8;
}
- p += srvstr_push(outbuf, p, lp_workgroup(), -1,
+ p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE -
(p-outbuf),
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
DEBUG(3,("not using SPNEGO\n"));
} else {
diff -u -r source-orig/smbd/reply.c source/smbd/reply.c
--- source-orig/smbd/reply.c 2007-11-14 19:15:04.000000000 -0800
+++ source/smbd/reply.c 2007-11-16 11:56:03.000000000 -0800
@@ -524,7 +524,7 @@
if (Protocol < PROTOCOL_NT1) {
set_message(outbuf,2,0,True);
p = smb_buf(outbuf);
- p += srvstr_push(outbuf, p, server_devicetype, -1,
+ p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p
- outbuf),
STR_TERMINATE|STR_ASCII);
set_message_end(outbuf,p);
} else {
@@ -554,9 +554,9 @@
}
p = smb_buf(outbuf);
- p += srvstr_push(outbuf, p, server_devicetype, -1,
+ p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p
- outbuf),
STR_TERMINATE|STR_ASCII);
- p += srvstr_push(outbuf, p, fstype, -1,
+ p += srvstr_push(outbuf, p, fstype, BUFFER_SIZE - (p - outbuf),
STR_TERMINATE);
set_message_end(outbuf,p);
@@ -1766,7 +1766,7 @@
thing in the byte section. JRA */
SSVALS(p, 0, -1); /* what is this? not in spec */
#endif
- namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
+ namelen = srvstr_push(outbuf, p, s, BUFFER_SIZE - (p - outbuf),
STR_ASCII|STR_TERMINATE);
p += namelen;
outsize = set_message_end(outbuf, p);
diff -u -r source-orig/smbd/srvstr.c source/smbd/srvstr.c
--- source-orig/smbd/srvstr.c 2007-11-14 19:15:04.000000000 -0800
+++ source/smbd/srvstr.c 2007-11-16 11:41:16.000000000 -0800
@@ -28,17 +28,10 @@
const char *base_ptr, void *dest,
const char *src, int dest_len, int flags)
{
- size_t buf_used = PTR_DIFF(dest, base_ptr);
- if (dest_len == -1) {
- if (((ptrdiff_t)dest < (ptrdiff_t)base_ptr) || (buf_used >
(size_t)max_send)) {
-#if 0
- DEBUG(0, ("Pushing string of 'unlimited' length into
non-SMB buffer!\n"));
-#endif
- return push_string_fn(function, line, base_ptr, dest, src,
-1, flags);
- }
- return push_string_fn(function, line, base_ptr, dest, src,
max_send - buf_used, flags);
+ if (dest_len < 0) {
+ return 0;
}
-
+
/* 'normal' push into size-specified buffer */
return push_string_fn(function, line, base_ptr, dest, src,
dest_len, flags);
}
diff -u -r source-orig/smbd/trans2.c source/smbd/trans2.c
--- source-orig/smbd/trans2.c 2007-11-14 19:15:04.000000000 -0800
+++ source/smbd/trans2.c 2007-11-16 11:47:47.000000000 -0800
@@ -1283,7 +1283,7 @@
p += 23;
nameptr = p;
p += align_string(outbuf, p, 0);
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p -
pdata), STR_TERMINATE);
if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
SCVAL(nameptr, -1, len - 2);
@@ -1318,7 +1318,7 @@
}
p += 27;
nameptr = p - 1;
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE |
STR_NOALIGN);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p -
pdata), STR_TERMINATE | STR_NOALIGN);
if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
len -= 2;
@@ -1372,9 +1372,9 @@
}
/* Push the ea_data followed by the name. */
- p += fill_ea_buffer(ea_ctx, p, space_remaining, conn,
name_list);
+ p += fill_ea_buffer(ea_ctx, p, space_remaining - (p -
pdata), conn, name_list);
nameptr = p;
- len = srvstr_push(outbuf, p + 1, fname, -1, STR_TERMINATE |
STR_NOALIGN);
+ len = srvstr_push(outbuf, p + 1, fname, space_remaining -
(p - pdata), STR_TERMINATE | STR_NOALIGN);
if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
if (len > 2) {
len -= 2;
@@ -1431,7 +1431,7 @@
memset(p,'\0',26);
}
p += 2 + 24;
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p -
pdata), STR_TERMINATE_ASCII);
SIVAL(q,0,len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1452,7 +1452,7 @@
SOFF_T(p,0,file_size); p += 8;
SOFF_T(p,0,allocation_size); p += 8;
SIVAL(p,0,nt_extmode); p += 4;
- len = srvstr_push(outbuf, p + 4, fname, -1,
STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p + 4, fname, space_remaining -
(p - pdata), STR_TERMINATE_ASCII);
SIVAL(p,0,len);
p += 4 + len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1479,7 +1479,7 @@
SIVAL(p,0,ea_size); /* Extended attributes */
p +=4;
}
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p -
pdata), STR_TERMINATE_ASCII);
SIVAL(q, 0, len);
p += len;
@@ -1497,7 +1497,7 @@
p += 4;
/* this must *not* be null terminated or w2k gets in a loop
trying to set an
acl on a dir (tridge) */
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p -
pdata), STR_TERMINATE_ASCII);
SIVAL(p, -4, len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1527,7 +1527,7 @@
SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p -
pdata), STR_TERMINATE_ASCII);
SIVAL(q, 0, len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1578,7 +1578,7 @@
SSVAL(p,0,0); p += 2; /* Reserved ? */
SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p -
pdata), STR_TERMINATE_ASCII);
SIVAL(q,0,len);
p += len;
SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1601,14 +1601,14 @@
DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_UNIX\n"));
p = store_file_unix_basic(conn, p,
NULL, &sbuf);
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);
+ len = srvstr_push(outbuf, p, fname, space_remaining -
(p - pdata), STR_TERMINATE);
} else {
DEBUG(10,("get_lanman2_dir_entry:
SMB_FIND_FILE_UNIX_INFO2\n"));
p = store_file_unix_basic_info2(conn, p,
NULL, &sbuf);
nameptr = p;
p += 4;
- len = srvstr_push(outbuf, p, fname, -1, 0);
+ len = srvstr_push(outbuf, p, fname, space_remaining -
(p - pdata), 0);
SIVAL(nameptr, 0, len);
}
@@ -2309,7 +2309,7 @@
* this call so try fixing this by adding a terminating null to
* the pushed string. The change here was adding the
STR_TERMINATE. JRA.
*/
- len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname,
-1, STR_NOALIGN|STR_TERMINATE);
+ len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname,
max_data_bytes - l2_vol_szVolLabel, STR_NOALIGN|STR_TERMINATE);
SCVAL(pdata,l2_vol_cch,len);
data_len = l2_vol_szVolLabel + len;
DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d,
name = %s\n",
@@ -2331,14 +2331,14 @@
SIVAL(pdata,4,255); /* Max filename component length */
/* NOTE! the fstype must *not* be null terminated or win98
won't recognise it
and will think we can't do long filenames */
- len = srvstr_push(outbuf, pdata+12, fstype, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+12, fstype, max_data_bytes
- 12, STR_UNICODE);
SIVAL(pdata,8,len);
data_len = 12 + len;
break;
case SMB_QUERY_FS_LABEL_INFO:
case SMB_FS_LABEL_INFORMATION:
- len = srvstr_push(outbuf, pdata+4, vname, -1, 0);
+ len = srvstr_push(outbuf, pdata+4, vname, max_data_bytes -
4, 0);
data_len = 4 + len;
SIVAL(pdata,0,len);
break;
@@ -2354,7 +2354,7 @@
(str_checksum(get_local_machine_name())<<16));
/* Max label len is 32 characters. */
- len = srvstr_push(outbuf, pdata+18, vname, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+18, vname, max_data_bytes -
18, STR_UNICODE);
SIVAL(pdata,12,len);
data_len = 18+len;
@@ -3589,7 +3589,7 @@
if(!mangle_is_8_3(short_name, True, conn->params)) {
mangle_map(short_name,True,True,conn->params);
}
- len = srvstr_push(outbuf, pdata+4, short_name, -1,
STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+4, short_name,
max_data_bytes - 4, STR_UNICODE);
data_size = 4 + len;
SIVAL(pdata,0,len);
break;
@@ -3599,7 +3599,7 @@
/*
this must be *exactly* right for ACLs on mapped drives to
work
*/
- len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+4, dos_fname,
max_data_bytes - 4, STR_UNICODE);
DEBUG(10,("call_trans2qfilepathinfo:
SMB_QUERY_FILE_NAME_INFO\n"));
data_size = 4 + len;
SIVAL(pdata,0,len);
@@ -3640,7 +3640,7 @@
pdata += 24;
SIVAL(pdata,0,ea_size);
pdata += 4; /* EA info */
- len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+4, dos_fname,
max_data_bytes - (pdata+4 - *ppdata), STR_UNICODE);
SIVAL(pdata,0,len);
pdata += 4 + len;
data_size = PTR_DIFF(pdata,(*ppdata));
@@ -3802,7 +3802,7 @@
if (len == -1)
return(UNIXERROR(ERRDOS,ERRnoaccess));
buffer[len] = 0;
- len = srvstr_push(outbuf, pdata, buffer, -1,
STR_TERMINATE);
+ len = srvstr_push(outbuf, pdata, buffer,
max_data_bytes, STR_TERMINATE);
pdata += len;
data_size = PTR_DIFF(pdata,(*ppdata));
Home |
Main Index |
Thread Index |
Old Index