Bug in Samba's implementation of FSCTL_QUERY_ALLOCATED_RANGES?

David Howells dhowells at redhat.com
Thu Aug 22 22:26:00 UTC 2024


Hi Jeremy,

> Bug is in fsctl_qar():
> 
>         ndr_ret = ndr_push_struct_blob(out_output, mem_ctx, &qar_rsp,
>                 (ndr_push_flags_fn_t)ndr_push_fsctl_query_alloced_ranges_rsp);
>         if (ndr_ret != NDR_ERR_SUCCESS) {
>                 DEBUG(0, ("failed to marshall QAR rsp\n"));
>                 return NT_STATUS_INVALID_PARAMETER;
>         }
> 
>         if (out_output->length > in_max_output) {
>                 DEBUG(2, ("QAR output len %lu exceeds max %lu\n",
>                           (unsigned long)out_output->length,
>                           (unsigned long)in_max_output));
>                 data_blob_free(out_output);
>                 return NT_STATUS_BUFFER_TOO_SMALL;
>         }
> 
> I'm guessing in this case we need to just truncate out_output->length
> to in_max_output and return STATUS_BUFFER_OVERFLOW.

Do you perchance have a fix for this?  I'm seeing it cause failures in
xfstests when running against cifs connected to samba.

Thanks,
David
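To make the quoted size check concrete, here is an added stand-alone model (not Samba's code) that marshals a small FSCTL_QUERY_ALLOCATED_RANGES response and contrasts the current "free and fail" path with the proposed "truncate to in_max_output and return STATUS_BUFFER_OVERFLOW" handling. The struct and function names, the NTSTATUS subset and the two sample ranges are assumptions chosen for illustration.

```c
/* Added model of fsctl_qar()'s output-size check, not Samba code; all names are assumptions. */
#include <stdint.h>
#include <stdlib.h>
typedef uint32_t NTSTATUS;                     /* subset of NTSTATUS values */
#define NT_STATUS_OK               0x00000000u
#define NT_STATUS_BUFFER_OVERFLOW  0x80000005u
#define NT_STATUS_BUFFER_TOO_SMALL 0xC0000023u

struct qar_blob   { uint8_t *data; size_t length; };  /* stand-in for DATA_BLOB */
struct qar_range  { uint64_t offset; uint64_t length; };
struct qar_result { NTSTATUS status; size_t length; };
static void put_le64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Marshal ranges as 16-byte FILE_ALLOCATED_RANGE_BUFFER entries (offset, length). */
static struct qar_blob qar_marshal(const struct qar_range *r, size_t n)
{
    struct qar_blob b = { malloc(n * 16 + 1), n * 16 };
    for (size_t i = 0; i < n; i++) {
        put_le64(b.data + 16 * i, r[i].offset);
        put_le64(b.data + 16 * i + 8, r[i].length);
    }
    return b;
}

/* Behaviour quoted above: a client buffer smaller than the response is an error. */
static NTSTATUS qar_size_check_current(struct qar_blob *out, size_t in_max_output)
{
    if (out->length > in_max_output) {
        free(out->data); out->data = NULL; out->length = 0;   /* data_blob_free() */
        return NT_STATUS_BUFFER_TOO_SMALL;
    }
    return NT_STATUS_OK;
}

/* Proposed handling: keep the first in_max_output bytes and report an overflow. */
static NTSTATUS qar_size_check_proposed(struct qar_blob *out, size_t in_max_output)
{
    if (out->length > in_max_output) { out->length = in_max_output; return NT_STATUS_BUFFER_OVERFLOW; }
    return NT_STATUS_OK;
}
/* Marshal two constructed ranges (32 bytes) and apply one of the two policies. */
static struct qar_result qar_run(int proposed, size_t in_max_output)
{
    struct qar_range ranges[2] = { { 0, 4096 }, { 65536, 8192 } };
    struct qar_blob b = qar_marshal(ranges, 2);
    struct qar_result r;
    r.status = proposed ? qar_size_check_proposed(&b, in_max_output) : qar_size_check_current(&b, in_max_output);
    r.length = b.length;
    free(b.data);
    return r;
}
```

With a 16-byte client buffer the current path hands back nothing and NT_STATUS_BUFFER_TOO_SMALL, while the proposed path returns the first complete range and NT_STATUS_BUFFER_OVERFLOW; with a buffer of 32 bytes or more both return the full response.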




More information about the samba-technical mailing list