smbd_do_qfilepathinfo should respect max_data_bytes when responding to a QUERY_FILE_STREAMINFO request

Richard Sharpe realrichardsharpe at gmail.com
Mon Dec 3 19:08:42 MST 2012


Hi Folks,

This bug causes at least Win 7 to fail to display stream info. Real
Windows returns STATUS_BUFFER_OVERFLOW, at least with SMB2 when the
stream info is larger than the allowed size. There also seems to be
some leakage there as well.

index 61d755c..0e41140 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -4801,9 +4801,19 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
                        if (!NT_STATUS_IS_OK(status)) {
                                DEBUG(10, ("marshall_stream_info failed: %s\n",
                                           nt_errstr(status)));
+                               TALLOC_FREE(streams);
                                return status;
                        }

+                       /*
+                        * We should return STATUS_BUFFER_OVERFLOW if there is
+                        * not enough space to return the data.
+                        */
+                       if (data_size > max_data_bytes) {
+                               TALLOC_FREE(streams);
+                               return STATUS_BUFFER_OVERFLOW;
+                       }
+
                        TALLOC_FREE(streams);

                        break;
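Review bot: the new `if (data_size > max_data_bytes)` check runs only after marshall_stream_info() has succeeded, so it limits what is returned to the client but not what was already marshalled. Please confirm that the marshalling step itself cannot write past a buffer sized from max_data_bytes. The early return also drops the marshalled data entirely. Since the message says real Windows returns STATUS_BUFFER_OVERFLOW here, it is worth checking against a Windows server trace whether any stream entries accompany that status, and documenting the choice in the comment. As a style point, TALLOC_FREE(streams) now appears on three paths. Freeing streams once, immediately after the marshall_stream_info() call and before the status test, would cover the error return, the overflow return and the normal path with a single line.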


-- 
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)

