svn commit: samba r23752 - in branches: SAMBA_3_0/source/smbd
SAMBA_3_0_26/source/smbd
jra at samba.org
jra at samba.org
Mon Jul 9 00:48:09 GMT 2007
Author: jra
Date: 2007-07-09 00:48:07 +0000 (Mon, 09 Jul 2007)
New Revision: 23752
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23752
Log:
Fix bug introduced by checkin 22920, allow large
readX. Fix from Dmitry Shatrov <dhsatrov at linux.vnet.ibm.com>.
"In send_file_readX(), if startpos > sbuf.st_size, then smb_maxcnt is set
to an invalid large value due to integer overflow.
As for me, this resulted in MS Word hanging while trying to save
a 1.5Mb document."
This isn't in shipping code.
Jeremy.
Modified:
branches/SAMBA_3_0/source/smbd/reply.c
branches/SAMBA_3_0_26/source/smbd/reply.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/reply.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/reply.c 2007-07-08 22:01:43 UTC (rev 23751)
+++ branches/SAMBA_3_0/source/smbd/reply.c 2007-07-09 00:48:07 UTC (rev 23752)
@@ -2590,9 +2590,7 @@
if (startpos > sbuf.st_size) {
smb_maxcnt = 0;
- }
-
- if (smb_maxcnt > (sbuf.st_size - startpos)) {
+ } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
smb_maxcnt = (sbuf.st_size - startpos);
}
Modified: branches/SAMBA_3_0_26/source/smbd/reply.c
===================================================================
--- branches/SAMBA_3_0_26/source/smbd/reply.c 2007-07-08 22:01:43 UTC (rev 23751)
+++ branches/SAMBA_3_0_26/source/smbd/reply.c 2007-07-09 00:48:07 UTC (rev 23752)
@@ -2590,9 +2590,7 @@
if (startpos > sbuf.st_size) {
smb_maxcnt = 0;
- }
-
- if (smb_maxcnt > (sbuf.st_size - startpos)) {
+ } else if (smb_maxcnt > (sbuf.st_size - startpos)) {
smb_maxcnt = (sbuf.st_size - startpos);
}
More information about the samba-cvs
mailing list