[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Jul 1 19:00:05 UTC 2020


The branch, master has been updated
       via  f59490dc2d0 s3: libsmb: Fix SMB2 client rename bug to a Windows server.
      from  d3086501456 tls: Use NORMAL:-VERS-SSL3.0 as the default configuration

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f59490dc2d07107d32d6e888f2814011ab2845b7
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 30 14:00:41 2020 -0700

    s3: libsmb: Fix SMB2 client rename bug to a Windows server.
    
    Fix bug where renaming to a target name of one
    UCS2 character (name length 2 bytes) fails to
    a Windows 10 SMB2 server.
    
    The Windows 10 SMB2 server has a minimum length
    for a SMB2_FILE_RENAME_INFORMATION buffer of
    24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
    if the length is less. This isn't an alignment
    issue as Windows clients happily 2-byte align
    for larger target name sizes. Also the Windows 10
    SMB1 server doesn't have this restriction.
    
    If the name length is too short, pad out with
    zeros to 24 bytes.
    
    Hard to add a test for this as we don't want to
    add this silly restriction to the Samba server
    as it would break all non-Windows clients.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14403
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Jul  1 18:59:53 UTC 2020 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/cli_smb2_fnum.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index e5d6e6b7fbd..8bf6629b9a1 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -3124,6 +3124,7 @@ NTSTATUS cli_smb2_rename(struct cli_state *cli,
 	smb_ucs2_t *converted_str = NULL;
 	size_t converted_size_bytes = 0;
 	size_t namelen = 0;
+	size_t inbuf_size;
 	TALLOC_CTX *frame = talloc_stackframe();
 
 	if (smbXcli_conn_has_async_calls(cli->conn)) {
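Review bot: the new `size_t inbuf_size;` declaration is left uninitialised, while the neighbouring `converted_size_bytes` and `namelen` are both declared with `= 0`. Nothing visible reads it before assignment, but initialising it to 0 would match the surrounding style and keep any later `goto fail` path added above the assignment from seeing an indeterminate value.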
@@ -3181,8 +3182,29 @@ NTSTATUS cli_smb2_rename(struct cli_state *cli,
 	}
 	converted_size_bytes -= 2;
 
-	inbuf = data_blob_talloc_zero(frame,
-				20 + converted_size_bytes);
+	inbuf_size = 20 + converted_size_bytes;
+	if (inbuf_size < 20) {
+		/* Integer wrap check. */
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto fail;
+	}
+
+	/*
+	 * The Windows 10 SMB2 server has a minimum length
+	 * for a SMB2_FILE_RENAME_INFORMATION buffer of
+	 * 24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
+	 * if the length is less. This isn't an alignment
+	 * issue as Windows client happily 2-byte align
+	 * for larget target name sizes. Also the Windows 10
+	 * SMB1 server doesn't have this restriction.
+	 *
+	 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14403
+	 */
+	if (inbuf_size < 24) {
+		inbuf_size = 24;
+	}
+
+	inbuf = data_blob_talloc_zero(frame, inbuf_size);
 	if (inbuf.data == NULL) {
 		status = NT_STATUS_NO_MEMORY;
 		goto fail;
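Review bot: the padding at `if (inbuf_size < 24)` grows the buffer without the hunk showing where the name length field is written, so it is worth confirming that field still carries `converted_size_bytes` rather than anything derived from `inbuf_size`, since otherwise the pad bytes would be sent as part of the target name. The zero fill depends entirely on `data_blob_talloc_zero()`, which the new comment could state in one line, as the commit message does. The bare 20 and 24 would read better as named constants, and the comment has a typo ("larget" for "larger").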


-- 
Samba Shared Repository


