[PATCH] s3-lib/util: fix read across end of namelist string

Jeremy Allison jra at samba.org
Tue Apr 8 11:42:18 MDT 2014


On Tue, Apr 08, 2014 at 10:26:25AM -0700, Jeremy Allison wrote:
> On Tue, Apr 08, 2014 at 10:25:40AM +0200, Bjoern Baumbach wrote:
> > Hi!
> > 
> > If the namelist, which set_namearray receives, is not terminated with a
> >  '/', we try to read the next character behind the string termination '\0'.
> > In the case that the namelist is followed by a (more or less) valid
> > string, we could produce several effects like unintentional vetoed,
> > hidden or non-oplocked files or failures like:
> > "Conversion error: Incomplete multibyte sequence(..."
> > 
> > Please find attached the proposed patch :-)
> 
> Reviewed-and-pushed. Congratulations - that
> was a *GREAT* catch ! Thanks a lot Bjoern.

What do you think of the following additional
patch ? Your fix addresses the problem and
fixes the bug, but leaves the faulty logic
inside of the while loops. This patch fixes
the faulty logic as well, leaving the code
(hopefully) cleaner and easier to follow,
but it isn't strictly needed.

Comments + reviews ? Is it worth adding ?

Cheers,

Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-lib-util-fix-logic-inside-set_namearray-loops.patch
Type: text/x-diff
Size: 2112 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140408/0dab4a56/attachment.patch>


More information about the samba-technical mailing list