Incorrect file size returned in the Respond of "FILE_SUPERSEDE Create"

Jeremy Allison jra at samba.org
Tue Apr 28 15:44:22 MDT 2015 

On Tue, Apr 28, 2015 at 12:56:16PM -0700, Kenny Dinh wrote:
> I'm working on adding the torture test.  I'll send an update when it is
> ready.

OK Kenny, as we're going to have to fix this in 4.2.next and 4.1.next
because it's a nasty bug I couldn't resist :-) so I created a bug for this:

https://bugzilla.samba.org/show_bug.cgi?id=11240

and also quickly knocked up a torture test (as this is easily
reproduced in SMB1 as well as SMB2).

The first patch needs your 'Signed-off-by:' as this is
your work.

Can you take a look and see if this is OK for you ?

If you write a torture test I'd also love to see it
(as is always helps to get more people who know how
to write torture tests) but this was a quick and easy
one to do (and I know we're going to have to fix
asap).

Cheers,

	Jeremy.
-------------- next part --------------
From feb680a3fa7e527e9187aa327ffa7593b9ecd39f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 28 Apr 2015 14:22:42 -0700
Subject: [PATCH 1/2] s3: smbd: Incorrect file size returned in the response of
 "FILE_SUPERSEDE Create"

https://bugzilla.samba.org/show_bug.cgi?id=11240

(Needs signed-off-by-line) : Kenny Dinh <kdinh at peaxy.net>

Reviewed-by: Jeremy Allison <jra at samba.org>
---
 source3/modules/vfs_default.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index dbcd601..7d2a0e5 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1940,8 +1940,6 @@ static int vfswrap_ftruncate(vfs_handle_struct *handle, files_struct *fsp, off_t
 	   ftruncate extend but ext2 can. */
 
 	result = ftruncate(fsp->fh->fd, len);
-	if (result == 0)
-		goto done;
 
 	/* According to W. R. Stevens advanced UNIX prog. Pure 4.3 BSD cannot
 	   extend a file with ftruncate. Provide alternate implementation
@@ -1955,6 +1953,12 @@ static int vfswrap_ftruncate(vfs_handle_struct *handle, files_struct *fsp, off_t
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
+
+	/* We need to update the files_struct after successful ftruncate */
+	if (result == 0) {
+		goto done;
+	}
+
 	pst = &fsp->fsp_name->st;
 
 #ifdef S_ISFIFO
-- 
2.2.0.rc0.207.ga3a616c


From 94832d1a2107b8213dddfef5b05f0785092be036 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 28 Apr 2015 14:32:03 -0700
Subject: [PATCH 2/2] s3: torture: Test for incorrect file size returned in the
 response of "FILE_SUPERSEDE Create".

https://bugzilla.samba.org/show_bug.cgi?id=11240

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/torture/torture.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index e9c91ff..a6db961 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -4877,6 +4877,7 @@ static bool run_opentest(int dummy)
 	off_t fsize;
 	bool correct = True;
 	char *tmp_path;
+	struct smb_create_returns cr;
 	NTSTATUS status;
 
 	printf("starting open test\n");
@@ -5017,6 +5018,59 @@ static bool run_opentest(int dummy)
 
 	cli_unlink(cli1, fname, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
 
+	/* Check using O_TRUNC returns file size of zero. */
+	status = cli_openx(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE, &fnum1);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("open of %s failed (%s)\n", fname, nt_errstr(status));
+		return False;
+	}
+
+	memset(buf, '\0', 20);
+
+	status = cli_writeall(cli1, fnum1, 0, (uint8_t *)buf, 0, 20, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("write failed (%s)\n", nt_errstr(status));
+		correct = False;
+	}
+
+	status = cli_close(cli1, fnum1);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("(4) close1 failed (%s)\n", nt_errstr(status));
+		return False;
+	}
+
+	/* Ensure size == 20. */
+	status = cli_getatr(cli1, fname, NULL, &fsize, NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("(4) getatr failed (%s)\n", nt_errstr(status));
+		return False;
+	}
+
+	if (fsize != 20) {
+		printf("(4) file size != 20\n");
+		return False;
+	}
+
+	status = cli_ntcreate(cli1, fname, 0, FILE_WRITE_DATA|FILE_READ_DATA,
+			      FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE,
+			      FILE_SUPERSEDE, 0, 0, &fnum1, &cr);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("open (5) of %s failed (%s)\n", fname, nt_errstr(status));
+		return False;
+	}
+
+	if (cr.end_of_file != 0) {
+		printf("FILE_SUPERSEDE failed. File size of %s is 0x%llx\n",
+			fname, (unsigned long long)cr.end_of_file);
+		return False;
+	}
+
+	status = cli_close(cli1, fnum1);
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("close (5) of %s failed (%s)\n", fname, nt_errstr(status));
+		return False;
+	}
+
 	printf("Do ctemp tests\n");
 	status = cli_ctemp(cli1, talloc_tos(), "\\", &fnum1, &tmp_path);
 	if (!NT_STATUS_IS_OK(status)) {
-- 
2.2.0.rc0.207.ga3a616c

More information about the samba-technical mailing list