[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Aug 5 20:04:02 MDT 2013
The branch, master has been updated
via eb50fb8 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
via 30e724c FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
via 270d29a s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
via ec46f6b s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
via 616777f s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
via a91d2b0 s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
via a93f9c3 s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
from 0602009 pyldb: decrement ref counters on py_results and quiet warnings
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Mon Aug 5 11:21:59 2013 -0700
FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
labels_data_count already accounts for the unicode null character at the
end of the array. There is no need in adding space for it again.
Signed-off-by: Christof Schmitt <christof.schmitt at us.ibm.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Simo Sorce <idra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104
commit 30e724cbff1ecd90e5a676831902d1e41ec1b347
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Mon Aug 5 11:16:22 2013 -0700
FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
Otherwise num_volumes and the end marker can return uninitialized data
to the client.
Signed-off-by: Christof Schmitt <christof.schmitt at us.ibm.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Simo Sorce <idra at samba.org>
commit 270d29a743a030653037cb176f3764bec3c79b6c
Author: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Date: Wed Jul 10 16:43:39 2013 +0200
s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
commit ec46f6b91941e38dd92f8e0fb0f278592e3157b6
Author: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Date: Wed Jul 10 15:52:06 2013 +0200
s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
commit 616777f029e462f53c5118d79de8c6405a5fb7c1
Author: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Date: Fri Jul 5 11:32:27 2013 +0200
s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
commit a91d2b05bab329a8a9772c2c79a3b1e02933182e
Author: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Date: Fri Jul 5 11:03:16 2013 +0200
s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
commit a93f9c3d33e442c84d0c9da7eb5d25ca4b54fc33
Author: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Date: Wed Jul 10 08:59:58 2013 +0200
s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_default.c | 6 +++---
source3/smbd/smb2_getinfo.c | 18 +++++++++++++++---
source3/smbd/trans2.c | 15 ++++++++++++++-
3 files changed, 32 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 82d059c..304ef37 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1141,7 +1141,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
if (!labels) {
*out_len = 16;
} else {
- *out_len = 12 + labels_data_count + 4;
+ *out_len = 12 + labels_data_count;
}
if (max_out_len < *out_len) {
@@ -1151,7 +1151,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
return NT_STATUS_BUFFER_TOO_SMALL;
}
- cur_pdata = talloc_array(ctx, char, *out_len);
+ cur_pdata = talloc_zero_array(ctx, char, *out_len);
if (cur_pdata == NULL) {
TALLOC_FREE(shadow_data);
return NT_STATUS_NO_MEMORY;
@@ -1168,7 +1168,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
}
/* needed_data_count 4 bytes */
- SIVAL(cur_pdata, 8, labels_data_count + 4);
+ SIVAL(cur_pdata, 8, labels_data_count);
cur_pdata += 12;
diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c
index 5616c84..7a41b19 100644
--- a/source3/smbd/smb2_getinfo.c
+++ b/source3/smbd/smb2_getinfo.c
@@ -159,7 +159,10 @@ static void smbd_smb2_request_getinfo_done(struct tevent_req *subreq)
return;
}
- if (!NT_STATUS_IS_OK(call_status)) {
+ /* some GetInfo responses set STATUS_BUFFER_OVERFLOW and return partial,
+ but valid data */
+ if (!(NT_STATUS_IS_OK(call_status) ||
+ NT_STATUS_EQUAL(call_status, STATUS_BUFFER_OVERFLOW))) {
/* Return a specific error with data. */
error = smbd_smb2_request_error_ex(req,
call_status,
@@ -194,7 +197,7 @@ static void smbd_smb2_request_getinfo_done(struct tevent_req *subreq)
outdyn = out_output_buffer;
- error = smbd_smb2_request_done(req, outbody, &outdyn);
+ error = smbd_smb2_request_done_ex(req, call_status, outbody, &outdyn, __location__);
if (!NT_STATUS_IS_OK(error)) {
smbd_server_connection_terminate(req->sconn,
nt_errstr(error));
@@ -416,7 +419,10 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
fsp->fsp_name,
&data,
&data_size);
- if (!NT_STATUS_IS_OK(status)) {
+ /* some responses set STATUS_BUFFER_OVERFLOW and return
+ partial, but valid data */
+ if (!(NT_STATUS_IS_OK(status) ||
+ NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW))) {
SAFE_FREE(data);
if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL)) {
status = NT_STATUS_INVALID_INFO_CLASS;
@@ -498,6 +504,12 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ if (state->out_output_buffer.length > in_output_buffer_length) {
+ tevent_req_nterror(req, NT_STATUS_INFO_LENGTH_MISMATCH);
+ return tevent_req_post(req, ev);
+ }
+
+ state->status = status;
tevent_req_done(req);
return tevent_req_post(req, ev);
}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f769104..da0b1ea 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3132,6 +3132,7 @@ NTSTATUS smbd_do_qfsinfo(connection_struct *conn,
uint32 additional_flags = 0;
struct smb_filename smb_fname;
SMB_STRUCT_STAT st;
+ NTSTATUS status = NT_STATUS_OK;
if (fname == NULL || fname->base_name == NULL) {
filename = ".";
@@ -3266,6 +3267,12 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_ex_dev, (u
STR_UNICODE);
SIVAL(pdata,8,len);
data_len = 12 + len;
+ if (max_data_bytes >= 16 && data_len > max_data_bytes) {
+ /* the client only requested a portion of the
+ file system name */
+ data_len = max_data_bytes;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
break;
case SMB_QUERY_FS_LABEL_INFO:
@@ -3296,6 +3303,12 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_ex_dev, (u
DEBUG(5,("smbd_do_qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n",
(int)strlen(vname),vname,
lp_servicename(talloc_tos(), snum)));
+ if (max_data_bytes >= 24 && data_len > max_data_bytes) {
+ /* the client only requested a portion of the
+ volume label */
+ data_len = max_data_bytes;
+ status = STATUS_BUFFER_OVERFLOW;
+ }
break;
case SMB_QUERY_FS_SIZE_INFO:
@@ -3667,7 +3680,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
}
*ret_data_len = data_len;
- return NT_STATUS_OK;
+ return status;
}
/****************************************************************************
--
Samba Shared Repository
More information about the samba-cvs
mailing list