[PATCH v2] Fix bug 10775 - smbd crashes when accessing garbage filenames

David Disseldorp ddiss at suse.de
Mon Sep 1 06:06:51 MDT 2014

On Fri, 29 Aug 2014 10:01:51 -0700, Jeremy Allison wrote:

> On Fri, Aug 29, 2014 at 04:47:29PM +0200, David Disseldorp wrote:
> > I think I'd prefer to keep the explicit out_of_space
> > parameter, rather than audit all return paths for potential
> STATUS_MORE_ENTRIES has a long and established history
> of being used in this way - from the description of the
> error return:
> "Returned by enumeration APIs to indicate more information is available to successive calls."

Thanks, that's pretty clearly worded :)
My main concern would still be accidentally returning it up the stack
from map_nt_error_from_unix_common(), but it looks like that's mostly
addressed with the filter that you added.

> Updated patch for your review attached !

The first two patches look good, but I'm still looking at the rest.

One issue I still have with the push_string_base() errno trap is that
it doesn't appear to catch errors in the push_ascii()->strupper_m()
error path.
strupper_m() returns false without setting errno, which is then returned
as 0 from push_ascii(), which would have previously flagged an error to

Cheers, David
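
Added example, not part of the mail thread and not Samba code: a small C model of the gap described in the message above, where an errno trap around a conversion call misses a failure that the callee's helper reports only through its return value. The `toy_*` functions, the byte rule, and the `set_errno` switch are hypothetical stand-ins for illustration.

```c
#include <errno.h>
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: rejects bytes >= 0x80 and, like the helper described
   in the mail, reports failure only by return value (errno untouched). */
static bool toy_upper(char *s)
{
    for (; *s != '\0'; s++) {
        if ((unsigned char)*s >= 0x80)
            return false;
        *s = (char)toupper((unsigned char)*s);
    }
    return true;
}

/* Hypothetical converter: bytes written, or 0 when the helper fails. */
static size_t toy_push(char *dest, const char *src, size_t dest_len, bool set_errno)
{
    size_t len = strlen(src) + 1;
    if (len > dest_len) { errno = ERANGE; return 0; }
    memcpy(dest, src, len);
    if (!toy_upper(dest)) {
        if (set_errno)
            errno = EILSEQ; /* hardened variant: failure visible to the trap */
        return 0;
    }
    return len;
}

/* errno trap: clear errno, call, inspect errno. True if a failure was seen. */
static bool trap_detects_failure(const char *src, bool set_errno)
{
    char buf[64];
    errno = 0;
    (void)toy_push(buf, src, sizeof(buf), set_errno);
    return errno != 0;
}

int main(void)
{
    const char *name = "caf\xc3\xa9.txt"; /* constructed sample with non-ASCII bytes */
    printf("helper silent:     trap fires = %d\n", trap_detects_failure(name, false));
    printf("helper sets errno: trap fires = %d\n", trap_detects_failure(name, true));
    return 0;
}
```

In this model the trap only fires once the failing path sets errno; a caller that relies on errno alone treats the silent failure as success.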
