[PATCH] smbd: Avoid large reads beyond EOF

Jeremy Allison jra at samba.org
Wed Apr 27 18:20:06 UTC 2016


On Wed, Apr 27, 2016 at 12:27:27PM +0200, Volker Lendecke wrote:
> Hi!
> 
> Review appreciated!

Oh, very nice catch! Pushed with ref to bug:

https://bugzilla.samba.org/show_bug.cgi?id=11878

which I just created for this. We're going to
need this fixed in release branches :-).

> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de

> From a5c7f0997e53ae300511b9aec549f07b34280d3b Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Wed, 27 Apr 2016 12:15:37 +0200
> Subject: [PATCH] smbd: Avoid large reads beyond EOF
> 
> With unix extensions and oplocks=no mount.cifs from jessie reads beyond the
> file end forever, and we are happy to return zeros....
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/smbd/reply.c |   10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
> index cbe15a3..e0e55c6 100644
> --- a/source3/smbd/reply.c
> +++ b/source3/smbd/reply.c
> @@ -4100,6 +4100,16 @@ normal_read:
>  		uint8_t headerbuf[smb_size + 2*12 + 1 /* padding byte */];
>  		ssize_t ret;
>  
> +		if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
> +		    (startpos > fsp->fsp_name->st.st_ex_size) ||
> +		    (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
> +			/*
> +			 * We already know that we would do a short
> +			 * read, so don't try the sendfile() path.
> +			 */
> +			goto nosendfile_read;
> +		}
> +
>  		construct_reply_common_req(req, (char *)headerbuf);
>  		setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
>  
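Review bot: the new guard decides purely from the cached `fsp->fsp_name->st` (`st_ex_mode`, `st_ex_size`), and nothing in this hunk refreshes that stat before the comparison; if the cached size is stale (the file was extended or truncated through another handle since the last stat), the check can still send the sendfile path into a short read or needlessly bypass it. Confirm that a fresh fstat on `fsp` runs before this block, or add one ahead of the `if`, since `setup_readX_header(req, (char *)headerbuf, smb_maxcnt)` below commits to the full `smb_maxcnt` length before any data has actually been read. The condition ordering itself is sound: `startpos > st_ex_size` is tested first, so `st_ex_size - startpos` is non-negative when it is compared against `smb_maxcnt`. It would also help the commit message to state this mechanism (header announced for `smb_maxcnt` bytes, then short read padded out) rather than only "we are happy to return zeros", so the release-branch backport carries the reasoning.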
> -- 
> 1.7.9.5
> 
