[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-unstable-232-g6bf053a
Jeremy Allison
jra at samba.org
Thu Nov 8 05:56:40 GMT 2007
The branch, v3-2-test has been updated
via 6bf053a6a17749a3bc73c8cc5fd490aa5f93b763 (commit)
from e398a8d7b60127001d309c2fd0b1f13337f9b46d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 6bf053a6a17749a3bc73c8cc5fd490aa5f93b763
Author: Jeremy Allison <jra at samba.org>
Date: Wed Nov 7 21:47:00 2007 -0800
Constrain "min receivefile size" to max of BUFFER_SIZE
(128k). Add debug error messages so we can see why
writeX large is denied. Ensure we don't allow recvfile
writes on IPC$.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/param/loadparm.c | 9 ++++++++-
source/smbd/reply.c | 22 ++++++++++++++++++++--
2 files changed, 28 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 19af6aa..07f8dc4 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -2169,7 +2169,6 @@ FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)
FN_GLOBAL_INTEGER(lp_server_signing, &Globals.server_signing)
-FN_GLOBAL_INTEGER(lp_min_receive_file_size, &Globals.iminreceivefile);
FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrapping)
/* local prototypes */
@@ -6242,3 +6241,11 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val)
posix_default_lock_was_set = True;
posix_cifsx_locktype = val;
}
+
+int lp_min_receive_file_size(void)
+{
+ if (Globals.iminreceivefile < 0) {
+ return 0;
+ }
+ return MIN(Globals.iminreceivefile, BUFFER_SIZE);
+}
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 1b36fb1..4508180 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -3856,16 +3856,24 @@ bool is_valid_writeX_buffer(const char *inbuf)
unsigned int doff = 0;
size_t len = smb_len_large(inbuf);
- if (CVAL(inbuf,smb_com) != SMBwriteX ||
- CVAL(inbuf,smb_vwv0) != 0xFF ||
+ if (CVAL(inbuf,smb_com) != SMBwriteX) {
+ return false;
+ }
+
+ if (CVAL(inbuf,smb_vwv0) != 0xFF ||
CVAL(inbuf,smb_wct) != 14) {
+ DEBUG(10,("is_valid_writeX_buffer: chained or "
+ "invalid word length.\n"));
return false;
}
+
conn = conn_find(SVAL(inbuf, smb_tid));
if (conn == NULL) {
+ DEBUG(10,("is_valid_writeX_buffer: bad tid\n"));
return false;
}
if (IS_IPC(conn)) {
+ DEBUG(10,("is_valid_writeX_buffer: IPC$ tid\n"));
return false;
}
doff = SVAL(inbuf,smb_vwv11);
@@ -3877,12 +3885,16 @@ bool is_valid_writeX_buffer(const char *inbuf)
}
if (numtowrite == 0) {
+ DEBUG(10,("is_valid_writeX_buffer: zero write\n"));
return false;
}
/* Ensure the sizes match up. */
if (doff < STANDARD_WRITE_AND_X_HEADER_SIZE) {
/* no pad byte...old smbclient :-( */
+ DEBUG(10,("is_valid_writeX_buffer: small doff %u (min %u)\n",
+ (unsigned int)doff,
+ (unsigned int)STANDARD_WRITE_AND_X_HEADER_SIZE));
return false;
}
@@ -3939,6 +3951,12 @@ void reply_write_and_X(connection_struct *conn, struct smb_request *req)
}
if (req->unread_bytes) {
+ /* Can't do a recvfile write on IPC$ */
+ if (IS_IPC(conn)) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBwriteX);
+ return;
+ }
if (numtowrite != req->unread_bytes) {
reply_doserror(req, ERRDOS, ERRbadmem);
END_PROFILE(SMBwriteX);
--
Samba Shared Repository
More information about the samba-cvs
mailing list