[PATCH] Fix bug 10716 - smbd constantly crashes when filename contains non-ascii character.

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Aug 5 03:28:25 MDT 2014


On Mon, Aug 04, 2014 at 11:20:38AM -0700, Jeremy Allison wrote:
> Turns out that strcasecmp_m_handle()
> and strncasecmp_m_handle() don't
> handle conversion errors very well.
> 
> They skip over the non-converting
> characters, which means they can
> return a false match for filenames
> where the non-converting character
> sequences occur at the end of the
> string.
> 
> Fix confirmed by submitter.
> 
> Please review and push if happy !

Pushed. Attached find a patch on top of this. Before I +1
the bugzilla entry, I'd like you to comment on that one.

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 976f54f3607834040d6c1112cd1be6ae9d3019ac Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 5 Aug 2014 09:21:07 +0000
Subject: [PATCH] lib: strings: Simplify strcasecmp

This makes us fall back to strcasecmp early if any INVALID_CODEPOINT
appears. Without this patch we just continue to compare if both strings
happen to have an INVALID_CODEPOINT in the same spot.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 lib/util/charset/util_str.c | 46 ++++++++++++---------------------------------
 1 file changed, 12 insertions(+), 34 deletions(-)

diff --git a/lib/util/charset/util_str.c b/lib/util/charset/util_str.c
index f62c999..1164330 100644
--- a/lib/util/charset/util_str.c
+++ b/lib/util/charset/util_str.c
@@ -47,6 +47,11 @@ _PUBLIC_ int strcasecmp_m_handle(struct smb_iconv_handle *iconv_handle,
 		c1 = next_codepoint_handle(iconv_handle, s1, &size1);
 		c2 = next_codepoint_handle(iconv_handle, s2, &size2);
 
+		if (c1 == INVALID_CODEPOINT ||
+		    c2 == INVALID_CODEPOINT) {
+			return strcasecmp(s1, s2);
+		}
+
 		s1 += size1;
 		s2 += size2;
 
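Review bot: the new INVALID_CODEPOINT check in strcasecmp_m_handle() carries no comment, and the comment this patch deletes further down was the only explanation of why a byte comparison is used. A short comment here would help, for example that s1 and s2 have not been advanced yet, so strcasecmp(s1, s2) starts at the bytes that failed conversion and no step back is needed.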
@@ -54,22 +59,6 @@ _PUBLIC_ int strcasecmp_m_handle(struct smb_iconv_handle *iconv_handle,
 			continue;
 		}
 
-		if (c1 == INVALID_CODEPOINT ||
-		    c2 == INVALID_CODEPOINT) {
-			/*
-			 * Fall back to byte
-			 * comparison. We must
-			 * step back by the codepoint
-			 * length we just incremented
-			 * - otherwise we are not
-			 * checking the bytes that
-			 * failed the conversion.
-			 */
-			s1 -= size1;
-			s2 -= size2;
-			return strcasecmp(s1, s2);
-		}
-
 		if (toupper_m(c1) != toupper_m(c2)) {
 			return c1 - c2;
 		}
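Review bot: no test accompanies the behaviour change that comes from removing this block, which sat after the `c1 == c2` continue; the diffstat touches only lib/util/charset/util_str.c. Per the commit message, two strings with an INVALID_CODEPOINT in the same spot used to keep being compared and now go straight to strcasecmp(). A test with two strings whose non-converting byte sequences sit at the same offset but differ, asserting a non-zero result from both strcasecmp_m_handle() and strncasecmp_m_handle(), would pin that down.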
@@ -107,27 +96,9 @@ _PUBLIC_ int strncasecmp_m_handle(struct smb_iconv_handle *iconv_handle,
 		c1 = next_codepoint_handle(iconv_handle, s1, &size1);
 		c2 = next_codepoint_handle(iconv_handle, s2, &size2);
 
-		s1 += size1;
-		s2 += size2;
-
-		if (c1 == c2) {
-			continue;
-		}
-
 		if (c1 == INVALID_CODEPOINT ||
 		    c2 == INVALID_CODEPOINT) {
 			/*
-			 * Fall back to byte
-			 * comparison. We must
-			 * step back by the codepoint
-			 * length we just incremented
-			 * by - otherwise we are not
-			 * checking the bytes that
-			 * failed the conversion.
-			 */
-			s1 -= size1;
-			s2 -= size2;
-			/*
 			 * n was specified in characters,
 			 * now we must convert it to bytes.
 			 * As bytes are the smallest
@@ -145,6 +116,13 @@ _PUBLIC_ int strncasecmp_m_handle(struct smb_iconv_handle *iconv_handle,
 			return strncasecmp(s1, s2, n);
 		}
 
+		s1 += size1;
+		s2 += size2;
+
+		if (c1 == c2) {
+			continue;
+		}
+
 		if (toupper_m(c1) != toupper_m(c2)) {
 			return c1 - c2;
 		}
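Review bot: in the unchanged tail of this hunk, `return c1 - c2;` follows a comparison of toupper_m(c1) and toupper_m(c2), so the sign comes from the raw codepoints, while the fallback path above returns the result of strncasecmp() on the bytes. This is not introduced by the patch, but the fallback is now taken as soon as any INVALID_CODEPOINT appears, so the two paths can order a pair such as 'a' and 'B' differently depending on whether an invalid sequence precedes them. If any caller uses the sign rather than only testing for zero, returning the difference of the upper-cased values would make the paths agree.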
-- 
1.8.1.2


