[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Tue Oct 11 12:03:02 MDT 2011


The branch, v3-6-test has been updated
       via  df6a64b Remove extraneous debug code.
       via  2a9792f Fix bug #8474 - SMB2 create doesn't cope with an Apple client using NULL blob in create
      from  46798c8 Tidy up previous patch for bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit df6a64bb0bc181c76d1e3c05e19414dd9e9709f5
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 21 13:47:22 2011 -0700

    Remove extraneous debug code.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Thu Sep 22 00:22:12 CEST 2011 on sn-devel-104

commit 2a9792f4d9963e4b4cbd38da47d8296694333269
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 21 11:40:01 2011 -0700

    Fix bug #8474 - SMB2 create doesn't cope with an Apple client using NULL blob in create
    
    Cope with zero length data_offset and data_length values.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Wed Sep 21 22:12:40 CEST 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 libcli/smb/smb2_create_blob.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_create_blob.c b/libcli/smb/smb2_create_blob.c
index 444dc84..31c67e9 100644
--- a/libcli/smb/smb2_create_blob.c
+++ b/libcli/smb/smb2_create_blob.c
@@ -63,9 +63,10 @@ NTSTATUS smb2_create_blob_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer,
 		    name_offset > remaining ||
 		    name_length != 4 || /* windows enforces this */
 		    name_offset + name_length > remaining ||
-		    data_offset < name_offset + name_length ||
-		    data_offset > remaining ||
-		    data_offset + (uint64_t)data_length > remaining) {
+		    (data_offset && (data_offset < name_offset + name_length)) ||
+		    (data_offset && (data_offset > remaining)) ||
+		    (data_offset && data_length &&
+				(data_offset + (uint64_t)data_length > remaining))) {
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list