Possible string handling bug in samba 2.2.8a

M A Young m.a.young at durham.ac.uk
Tue Apr 15 09:38:13 GMT 2003

I have just upgraded our main print server to 2.2.8a (from 2.0.10), and
had my a few host samba log files filled up (until the file system ran out
of disk space) by errors like
[2003/04/15 01:49:16, 0] lib/util_str.c:string_sub(1221)
  ERROR: string overflow by 4 in string_sub(%I, 406)
starting as soon as a session connected.

I believe the problem was caused by a long print command given below
(required to provide logging, and to work around some PC configuration

print command = if expr "%m" : its \| "%m" : cm131 \| "%m" : formic \|
"%m" : help >/dev/null ; then REPLY=`lp -c -d%p %s 2>&1` ; rm %s ; echo
"%T user %U printed from %m (%I) to %p: $REPLY"
>>/var/local/samba/print.log ; echo "$REPLY" |
/usr/local/samba/bin/smbclient -M %m -I %I -U %h & else rm %s ; echo "%T
user %U printed from %m (%I) to %p: Job rejected"
>>/var/local/samba/print.log ; echo "ERROR: Queue configuration error.
Please reboot this machine and try again." |
/usr/local/samba/bin/smbclient -M %m -I %I -U %h & fi

The same command (with trivial modifications) worked with the previous
samba version.

	Michael Young

More information about the samba-technical mailing list