[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Mon Jan 2 14:28:01 UTC 2023
The branch, master has been updated
via 01cdc5e00be lib/replace - add extra check to bsd_attr_list
from a6136b88174 Happy New Year 2023!
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 01cdc5e00be78a51f0766634cc7fe50de2088203
Author: Andrew Walker <awalker at ixsystems.com>
Date: Tue Dec 27 10:59:14 2022 -0500
lib/replace - add extra check to bsd_attr_list
The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`
In case of short read we now set error to ERANGE and
fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 2 14:27:23 UTC 2023 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
lib/replace/xattr.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
Changeset truncated at 500 lines:
diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c
index 4869367b7da..1044942f4b9 100644
--- a/lib/replace/xattr.c
+++ b/lib/replace/xattr.c
@@ -267,6 +267,18 @@ static ssize_t bsd_attr_list (int type, extattr_arg arg, char *list, size_t size
for(i = 0; i < list_size; i += len + 1) {
len = buf[i];
+
+ /*
+ * If for some reason we receive a truncated
+ * return from call to list xattrs the pascal
+ * string lengths will not be changed and
+ * therefore we must check that we're not
+ * reading garbage data or off end of array
+ */
+ if (len + i >= list_size) {
+ errno = ERANGE;
+ return -1;
+ }
strncpy(list, extattr[t].name, extattr[t].len + 1);
list += extattr[t].len;
strncpy(list, buf + i + 1, len);
--
Samba Shared Repository
More information about the samba-cvs
mailing list