[PATCH] smbd: Avoid large reads beyond EOF

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Apr 27 10:27:27 UTC 2016


Hi!

Review appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From a5c7f0997e53ae300511b9aec549f07b34280d3b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 27 Apr 2016 12:15:37 +0200
Subject: [PATCH] smbd: Avoid large reads beyond EOF

With unix extensions and oplocks=no mount.cifs from jessie reads beyond the
file end forever, and we are happy to return zeros....

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/smbd/reply.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index cbe15a3..e0e55c6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -4100,6 +4100,16 @@ normal_read:
 		uint8_t headerbuf[smb_size + 2*12 + 1 /* padding byte */];
 		ssize_t ret;
 
+		if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
+		    (startpos > fsp->fsp_name->st.st_ex_size) ||
+		    (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
+			/*
+			 * We already know that we would do a short
+			 * read, so don't try the sendfile() path.
+			 */
+			goto nosendfile_read;
+		}
+
 		construct_reply_common_req(req, (char *)headerbuf);
 		setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
 
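Review bot: The new condition ahead of `construct_reply_common_req()` takes both the file type and the size from the cached `fsp->fsp_name->st`, and nothing in the visible context shows that stat being refreshed before the test. If the file has been extended or truncated since the last stat, the check will either fall back to `nosendfile_read` unnecessarily or still enter the sendfile path for a range past EOF, so it is worth confirming (or stating in the comment) where the stat is updated on this path. Two smaller points on the same lines: the subtraction in `(smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))` is only non-negative because the `startpos > ... st_ex_size` test short-circuits before it, which deserves a word in the comment so the order is not changed later, and if `smb_maxcnt` is unsigned while the size is signed, an explicit cast would make the intended comparison clear. The comment also explains only the short-read case, although `!S_ISREG(...)` diverts non-regular files as well; mentioning that, and the client behaviour from the commit message, would help future readers.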
-- 
1.7.9.5
