[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Sat Mar 7 01:38:02 UTC 2020 

The branch, master has been updated
       via  b0ba7cd4f96 vfs_fruit: tmsize prevent overflow Force the type during arithmetic in order to prevent overflow when summing the Time Machine folder size. Increase the precision to off_t (used for file sizes), leave the overflow error traps but with more precise wording.
      from  a4ed6ada500 Remove unnecessary/incorrect talloc_steal() calls

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b0ba7cd4f96a6ea227943cb05ef51a463e292b2d
Author: Art M. Gallagher <repos at artmg.net>
Date:   Tue Mar 3 21:51:46 2020 +0000

    vfs_fruit: tmsize prevent overflow Force the type during arithmetic in order to prevent overflow when summing the Time Machine folder size. Increase the precision to off_t (used for file sizes), leave the overflow error traps but with more precise wording.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13622
    Signed-off-by: Art M. Gallagher <smblock at artmg.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Mar  7 01:37:31 UTC 2020 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_fruit.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index ebf3e18af2f..b2d0901a800 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -4986,15 +4986,21 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle,
 		return true;
 	}
 
+	/*
+	 * Arithmetic on 32-bit systems may cause overflow, depending on
+	 * size_t precision. First we check its unlikely, then we
+	 * force the precision into target off_t, then we check that
+	 * the total did not overflow either.
+	 */
 	if (bandsize > SIZE_MAX/nbands) {
-		DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+		DBG_ERR("tmsize potential overflow: bandsize [%zu] nbands [%zu]\n",
 			bandsize, nbands);
 		return false;
 	}
-	tm_size = bandsize * nbands;
+	tm_size = (off_t)bandsize * (off_t)nbands;
 
 	if (state->total_size + tm_size < state->total_size) {
-		DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
+		DBG_ERR("tm total size overflow: bandsize [%zu] nbands [%zu]\n",
 			bandsize, nbands);
 		return false;
 	}


-- 
Samba Shared Repository

More information about the samba-cvs mailing list