[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Sun Apr 7 13:39:39 MDT 2013
The branch, v3-6-test has been updated
via 57db335 Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF
via 7950384 Ensure we don't return uninitialized memory in the pad bytes.
via 8794bb9 Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF
via c668853 Change estimate_ea_size() to correctly estimate the EA size over SMB2.
via 4565442 Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling.
from 64fb72c wkssvc: Fix bug 9727, NULL pointer dereference
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 57db33599589b06a60cb7cbb454f87bf40c542e0
Author: Jeremy Allison <jra at samba.org>
Date: Wed Mar 27 11:54:34 2013 -0700
Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF
The spec lies when it says that NextEntryOffset is the only value
considered when finding the next EA. We were adding 4 more extra
pad bytes than needed (i.e. if the next entry already was on a 4
byte boundary, then we were adding 4 additional pad bytes).
Signed-off-by: Jeremy Allison <jra at samba.org>
The last 5 patches address bug #9130 - Certain xattrs cause Windows error
0x800700FF.
commit 79503841059e945e6b14fa8c92375041c5390764
Author: Jeremy Allison <jra at samba.org>
Date: Tue Mar 26 17:07:55 2013 -0700
Ensure we don't return uninitialized memory in the pad bytes.
Signed-off-by: Jeremy Allison <jra at samba.org>
commit 8794bb97495a7de4bf98f497abdf713be68db7a9
Author: Jeremy Allison <jra at samba.org>
Date: Tue Mar 26 16:55:03 2013 -0700
Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF
Ensure we never return any zero-length EA's.
Signed-off-by: Jeremy Allison <jra at samba.org>
commit c6688532c8a01836f29a38806ced62b34617222d
Author: Jeremy Allison <jra at samba.org>
Date: Tue Mar 26 16:53:45 2013 -0700
Change estimate_ea_size() to correctly estimate the EA size over SMB2.
Signed-off-by: Jeremy Allison <jra at samba.org>
commit 45654424a5c686a43cd9edb8026c0d0424260fd9
Author: Jeremy Allison <jra at samba.org>
Date: Tue Mar 26 16:50:13 2013 -0700
Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling.
Signed-off-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/trans2.c | 61 +++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 52 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index df4fa64..01b0130 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -328,6 +328,15 @@ static struct ea_list *get_ea_list_from_file(TALLOC_CTX *mem_ctx, connection_str
return NULL;
}
+ if (listp->ea.value.length == 0) {
+ /*
+ * We can never return a zero length EA.
+ * Windows reports the EA's as corrupted.
+ */
+ TALLOC_FREE(listp);
+ continue;
+ }
+
push_ascii_fstring(dos_ea_name, listp->ea.name);
*pea_total_len +=
@@ -411,6 +420,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
{
uint8_t *p = (uint8_t *)pdata;
uint8_t *last_start = NULL;
+ bool store_data = (pdata != NULL);
*ret_data_size = 0;
@@ -422,8 +432,9 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
size_t dos_namelen;
fstring dos_ea_name;
size_t this_size;
+ size_t pad = 0;
- if (last_start) {
+ if (last_start && store_data) {
SIVAL(last_start, 0, PTR_DIFF(p, last_start));
}
last_start = p;
@@ -440,7 +451,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
this_size = 0x08 + dos_namelen + 1 + ea_list->ea.value.length;
if (ea_list->next) {
- size_t pad = 4 - (this_size % 4);
+ pad = (4 - (this_size % 4)) % 4;
this_size += pad;
}
@@ -449,12 +460,19 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
}
/* We know we have room. */
- SIVAL(p, 0x00, 0); /* next offset */
- SCVAL(p, 0x04, ea_list->ea.flags);
- SCVAL(p, 0x05, dos_namelen);
- SSVAL(p, 0x06, ea_list->ea.value.length);
- fstrcpy((char *)(p+0x08), dos_ea_name);
- memcpy(p + 0x08 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
+ if (store_data) {
+ SIVAL(p, 0x00, 0); /* next offset */
+ SCVAL(p, 0x04, ea_list->ea.flags);
+ SCVAL(p, 0x05, dos_namelen);
+ SSVAL(p, 0x06, ea_list->ea.value.length);
+ fstrcpy((char *)(p+0x08), dos_ea_name);
+ memcpy(p + 0x08 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
+ if (pad) {
+ memset(p + 0x08 + dos_namelen + 1 + ea_list->ea.value.length,
+ '\0',
+ pad);
+ }
+ }
total_data_size -= this_size;
p += this_size;
@@ -468,13 +486,38 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
static unsigned int estimate_ea_size(connection_struct *conn, files_struct *fsp, const char *fname)
{
size_t total_ea_len = 0;
+ struct ea_list *ea_list = NULL;
TALLOC_CTX *mem_ctx = NULL;
if (!lp_ea_support(SNUM(conn))) {
return 0;
}
mem_ctx = talloc_tos();
- (void)get_ea_list_from_file(mem_ctx, conn, fsp, fname, &total_ea_len);
+ ea_list = get_ea_list_from_file(mem_ctx, conn, fsp, fname, &total_ea_len);
+ if (ea_list == NULL) {
+ return 0;
+ }
+ if(conn->sconn->using_smb2) {
+ NTSTATUS status;
+ unsigned int ret_data_size;
+ /*
+ * We're going to be using fill_ea_chained_buffer() to
+ * marshall EA's - this size is significantly larger
+ * than the SMB1 buffer. Re-calculate the size without
+ * marshalling.
+ */
+ status = fill_ea_chained_buffer(mem_ctx,
+ NULL,
+ 65535,
+ &ret_data_size,
+ conn,
+ ea_list);
+ if (!NT_STATUS_IS_OK(status)) {
+ ret_data_size = 0;
+ }
+ total_ea_len = ret_data_size;
+ }
+
return total_ea_len;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list