[SCM] Samba Shared Repository - branch v3-3-test updated

Karolin Seeger kseeger at samba.org
Mon Feb 22 08:17:23 MST 2010


The branch, v3-3-test has been updated
       via  de658f9... Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
       via  8cac1af... Fix off-by-one error in working out the limit of the NetServerEnum comment.
       via  5d4d547... s3:smbd: Fix really ugly bool vs. int bug!!!
       via  98399a6... s3:libsmb: fix NetServerEnum3 rap calls.
      from  e904ccd... Fix bug #7154 - mangling method = hash can crash storing a name not containing a '.'

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit de658f95ea12d4c532f309634b9aedb09c5e4d1d
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Feb 9 15:23:38 2010 -0800

    Fix bug #7122 - Reading a large browselist fails (server returns invalid values in subsequent SMBtrans replies)
    
    There are two problems:
    
    1). The server is off-by-one in the end of buffer space test.
    2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
    fields in the second and subsequent SMBtrans replies.
    
    This patch fixes both.
    
    Jeremy.
    (similar to commit b07a14dc37d2899f662e1cf87064f99c0bd10b25)
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 8cac1af47cad9d40b0ab86cda3674f4420507008
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Feb 9 12:17:08 2010 -0800

    Fix off-by-one error in working out the limit of the NetServerEnum comment.
    
    Jeremy.
    (cherry picked from commit 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 5d4d547b901986cff378f640e9e22931d77c61b8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 10 19:49:48 2010 +0100

    s3:smbd: Fix really ugly bool vs. int bug!!!
    
    A comparison function for qsort needs to return an 'int'!
    Otherwise you'll get random results depending on the compiler
    and the architecture...
    
    metze
    (cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)

commit 98399a69d6fc3d30c899588c8846ce19ef974fa3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Feb 8 18:38:03 2010 +0100

    s3:libsmb: fix NetServerEnum3 rap calls.
    
    metze
    (cherry picked from commit 9b5198dd443a00fdad4faa1f9cdabedd81012d93)

-----------------------------------------------------------------------

Summary of changes:
 source/libsmb/clirap.c |   26 ++++++++++++++++++++------
 source/smbd/ipc.c      |    3 +++
 source/smbd/lanman.c   |    6 +++---
 3 files changed, 26 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libsmb/clirap.c b/source/libsmb/clirap.c
index d248d0c..ea9e439 100644
--- a/source/libsmb/clirap.c
+++ b/source/libsmb/clirap.c
@@ -270,11 +270,9 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 	        p = param;
 		SIVAL(p,0,func); /* api number */
 	        p += 2;
-	        /* Next time through we need to use the continue api */
-	        func = RAP_NetServerEnum3;
 
-		if (last_entry) {
-			strlcpy(p,"WrLehDOz", sizeof(param)-PTR_DIFF(p,param));
+		if (func == RAP_NetServerEnum3) {
+			strlcpy(p,"WrLehDzz", sizeof(param)-PTR_DIFF(p,param));
 		} else {
 			strlcpy(p,"WrLehDz", sizeof(param)-PTR_DIFF(p,param));
 		}
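Review bot: The two descriptor strings passed to `strlcpy`, `"WrLehDzz"` and `"WrLehDz"`, differ only by a trailing `z`, and nothing at the branch says what the extra field is. Judging by the block added further down in this function, it appears to be the resume-name string that only the RAP_NetServerEnum3 request carries, so a comment such as `/* NetServerEnum3 takes one more string: the name to resume from */` above the `if` would help. The comment ending `to continue from.` in the next hunk now sits above a `push_ascii` call that always pushes `workgroup`, so it probably needs rewording too; only its tail is visible. cli_NetServerEnum starts and ends outside this hunk.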
@@ -293,7 +291,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 		 * to continue from.
 		 */
 		len = push_ascii(p,
-				last_entry ? last_entry : workgroup,
+				workgroup,
 				sizeof(param) - PTR_DIFF(p,param) - 1,
 				STR_TERMINATE|STR_UPPER);
 
@@ -303,6 +301,22 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 		}
 		p += len;
 
+		if (func == RAP_NetServerEnum3) {
+			len = push_ascii(p,
+					last_entry ? last_entry : "",
+					sizeof(param) - PTR_DIFF(p,param) - 1,
+					STR_TERMINATE);
+
+			if (len == (size_t)-1) {
+				SAFE_FREE(last_entry);
+				return false;
+			}
+			p += len;
+		}
+
+		/* Next time through we need to use the continue api */
+		func = RAP_NetServerEnum3;
+
 		if (!cli_api(cli,
 			param, PTR_DIFF(p,param), 8, /* params, length, max */
 			NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */
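Review bot: The added `push_ascii` of `last_entry` is checked only against `(size_t)-1`, so if the workgroup push has already used most of `param`, the remaining space `sizeof(param) - PTR_DIFF(p,param) - 1` can be tiny and the resume name may be shortened without an error. Whether `push_ascii` truncates silently is not visible here, and `last_entry` looks as if it is taken from the previous server reply, so its length is presumably set by the peer. An explicit guard before the call makes the failure visible: `if (strlen(last_entry ? last_entry : "") >= sizeof(param) - PTR_DIFF(p,param) - 1) { SAFE_FREE(last_entry); return false; }`. The enclosing loop and the declaration of `param` are outside this hunk.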
@@ -375,7 +389,7 @@ bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 				comment_offset = (IVAL(p,22) & 0xFFFF)-converter;
 				cmnt = comment_offset?(rdata+comment_offset):"";
 
-				if (comment_offset < 0 || comment_offset > (int)rdrcnt) {
+				if (comment_offset < 0 || comment_offset >= (int)rdrcnt) {
 					TALLOC_FREE(frame);
 					continue;
 				}
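Review bot: `cmnt` is still computed as `rdata+comment_offset` on the line above the range check, so an out-of-range offset from the server forms an out-of-bounds pointer before it is rejected; the assignment belongs after the `if`. The check also bounds only the start of the comment, so the string can still run past the end of `rdata` without a terminator unless later code limits the read, which is outside this hunk. After moving `cmnt = comment_offset?(rdata+comment_offset):"";` below the check, a terminator test such as `if (comment_offset && memchr(cmnt, '\0', rdrcnt - comment_offset) == NULL) { TALLOC_FREE(frame); continue; }` would close that gap.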
diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c
index 5c9f9f6..8b6c88b 100644
--- a/source/smbd/ipc.c
+++ b/source/smbd/ipc.c
@@ -163,6 +163,9 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf,
 					   rparam, tot_param_sent, this_lparam,
 					   rdata, tot_data_sent, this_ldata);
 
+		SSVAL(outbuf,smb_vwv0,lparam);
+		SSVAL(outbuf,smb_vwv1,ldata);
+
 		SSVAL(outbuf,smb_vwv3,this_lparam);
 		SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf));
 		SSVAL(outbuf,smb_vwv5,tot_param_sent);
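Review bot: The two added `SSVAL` stores to `smb_vwv0` and `smb_vwv1` have no comment, and nothing in the loop says why the totals are written again for each follow-up packet. A line such as `/* Every SMBtrans reply, not only the first, must carry the total param and data counts (bug #7122) */` above them would stop the stores being removed later as redundant. `SSVAL` writes a 16-bit field, so if `lparam` or `ldata` can exceed 0xFFFF the totals would be cut off; their declarations and any earlier range check are outside this hunk. send_trans_reply starts and ends outside the hunk.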
diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c
index 5fb05de..29566d1 100644
--- a/source/smbd/lanman.c
+++ b/source/smbd/lanman.c
@@ -1352,7 +1352,7 @@ static int fill_srv_info(struct srv_info_struct *service,
 }
 
 
-static bool srv_comp(struct srv_info_struct *s1,struct srv_info_struct *s2)
+static int srv_comp(struct srv_info_struct *s1,struct srv_info_struct *s2)
 {
 	return(strcmp(s1->name,s2->name));
 }
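Review bot: `srv_comp` still takes two `struct srv_info_struct *` parameters, whereas `qsort` calls its comparator with `const void *` arguments, so the call site presumably casts the function pointer; that call is outside this hunk. Calling a function through a pointer of a different function type is undefined behaviour in C, even where it happens to work. Declaring it `static int srv_comp(const void *a, const void *b)` and assigning `const struct srv_info_struct *s1 = a, *s2 = b;` inside the body removes the need for the cast.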
@@ -1456,7 +1456,7 @@ static bool api_RNetServerEnum(connection_struct *conn, uint16 vuid,
 			DEBUG(4,("fill_srv_info %20s %8x %25s %15s\n",
 				s->name, s->type, s->comment, s->domain));
       
-			if (data_len <= buf_len) {
+			if (data_len < buf_len) {
 				counted++;
 				fixed_len += f_len;
 				string_len += s_len;
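Review bot: The switch from `<=` to `<` at `if (data_len < buf_len)` is not explained where it happens, and the same one-character change is made in api_RNetShareEnum in the next hunk. A short comment at both places, for example `/* strictly less: entries whose running total would exactly fill buf_len are not counted (bug #7122) */`, would record the intent and keep the comparison from being changed back. Both functions start and end outside their hunks, so the declarations of `data_len` and `buf_len` cannot be checked from here.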
@@ -1820,7 +1820,7 @@ static bool api_RNetShareEnum( connection_struct *conn, uint16 vuid,
 		if( lp_browseable( i ) && lp_snum_ok( i ) && (strlen(servicename_dos) < 13)) {
 			total++;
 			data_len += fill_share_info(conn,i,uLevel,0,&f_len,0,&s_len,0);
-			if (data_len <= buf_len) {
+			if (data_len < buf_len) {
 				counted++;
 				fixed_len += f_len;
 				string_len += s_len;


-- 
Samba Shared Repository

