smbd_do_qfilepathinfo should respect max_data_bytes when responding to a QUERY_FILE_STREAMINFO request
Richard Sharpe
realrichardsharpe at gmail.com
Mon Dec 3 19:08:42 MST 2012
Hi Folks,
This bug causes at least Win 7 to fail to display stream info. Real
Windows returns STATUS_BUFFER_OVERFLOW, at least with SMB2 when the
stream info is larger than the allowed size. There also seems to be
some leakage there as well.
index 61d755c..0e41140 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -4801,9 +4801,19 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("marshall_stream_info failed: %s\n",
nt_errstr(status)));
+ TALLOC_FREE(streams);
return status;
}
+ /*
+ * We should return STATUS_BUFFER_OVERFLOW if there is
+ * not enough space to return the data.
+ */
+ if (data_size > max_data_bytes) {
+ TALLOC_FREE(streams);
+ return STATUS_BUFFER_OVERFLOW;
+ }
+
TALLOC_FREE(streams);
break;
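Review bot: the new data_size > max_data_bytes test runs only after marshall_stream_info has already produced the full-size result, so the limit is applied at return time rather than while the data is being built. It is worth confirming that the marshalling step cannot write more than the caller allowed, or moving the bound into it. The overflow branch also returns before anything tells the caller how much of the data is valid, so the comment should state whether the client is meant to get a truncated reply together with STATUS_BUFFER_OVERFLOW or the status alone. Since every path after the marshall_stream_info call now frees streams, a single TALLOC_FREE(streams) placed directly after that call and before the status check would replace all three copies and make a future early return harder to get wrong.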
--
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)