[BUG REPORT] smbclient in samba 2.0.10 mangles filenames.
Alan Turner
alan at suburbia.com.au
Fri Jan 4 06:45:06 GMT 2002
Hi Folks
I believe I have come across a bug in the latest version of samba in the 2.0.x
series. Report follows. If this address is a mailing list, I'd appreciate it
if I could be CCd on replies.
I hope I've got this report right :-)
Thanks for your time, and for a very useful utility!
Cheers,
Alan
1. Description
--------------
The smbclient(1) utility as shipped with samba includes a feature for
creating tar backups of remote systems via SMB.
When a file path on the remote system is exactly 99 characters long, the last
character in the path is truncated in the tar header. This can result in
several files in the tarfile with the same path.
2. Impact
---------
Based on a very quick analysis of the code, it would appear that the only data
lost is the last character of the file path. If multiple files with 99
character path lengths were unique only in the last character, then special
attention would be required to extract them from the tarfile (as other files
with the same name would overwrite them in a normal extraction).
3. Versions affected
--------------------
I have verified that the bug exists in v2.0.7 (as shipped with
debian 2.2), and in v2.0.10. The bug appears not to exist in v2.2.2.
4. Specific Details
-------------------
The bug appears in samba-2.0.10/source/client/clitar.c, in writetarheader():
172  static void writetarheader(int f, char *aname, int size, time_t mtime,
173                             char *amode, unsigned char ftype)
174  {
175    union hblock hb;
176    int i, chk, l;
177    char *jp;
178
179    DEBUG(5, ("WriteTarHdr, Type = %c, Size= %i, Name = %s\n", ftype, size, aname));
180
181    memset(hb.dummy, 0, sizeof(hb.dummy));
182
183    l=strlen(aname);
184    if (l >= NAMSIZ) {
185      /* write a GNU tar style long header */
186      char *b;
187      b = (char *)malloc(l+TBLOCK+100);
188      if (!b) {
189        DEBUG(0,("out of memory\n"));
190        exit(1);
191      }
192      writetarheader(f, "/./@LongLink", l+1, 0, " 0 \0", 'L');
193      memset(b, 0, l+TBLOCK+100);
194      fixtarname(b, aname, l);
195      i = strlen(b)+1;
196      DEBUG(5, ("File name in tar file: %s, size=%d, \n", b, (int)strlen(b)));
197      dotarbuf(f, b, TBLOCK*(((i-1)/TBLOCK)+1));
198      free(b);
199    }
200
201    /* use l + 1 to do the null too */
202    fixtarname(hb.dbuf.name, aname, (l >= NAMSIZ) ? NAMSIZ : l + 1);
On line 184, a check is made to see whether a GNU tar long style header is
required to hold a file path which exceeds 99 characters. Since the file
path does not exceed 99 chars (is exactly 99 chars), a regular style tar
header is used. On line 202, the path is mangled such that it is localised
(begins with .), and conforms to unix naming conventions.
Unfortunately, this process adds an extra character to the filename (now
100 chars). The last character in the filename gets truncated.
5. How to reproduce
-------------------
1. Create an SMB share.
2. In the root directory of the share, create the following three files:
CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/test_mjt_3_int_no_scope.
CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/test_mjt_3_int_no_scope.c
CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/test_mjt_3_int_no_scope.h
3. Connect to the share using smbclient, and tar up the CO2_system directory:
Domain=[LOCALNET] OS=[Unix] Server=[Samba 2.0.8]
smb: \> tar c ttar.tar CO2_system
4. List the contents of the tarfile and note the existence of duplicate
filenames:
alan at freddy:~/samba-2.0.10/source/bin$ tar -tvf ttar.tar
drwxr-xr-x 0/0 0 2002-01-04 15:16:50 ./CO2_system/
drwxr-xr-x 0/0 0 2002-01-04 15:17:09 ./CO2_system/XPC_driver/
drwxr-xr-x 0/0 0 2002-01-04 15:17:24 ./CO2_system/XPC_driver/XPC_1_3/
drwxr-xr-x 0/0 0 2002-01-04 15:24:34 ./CO2_system/XPC_driver/XPC_1_3/Interrupts/
drwxr-xr-x 0/0 0 2002-01-04 20:29:09 ./CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/
-rw-r--r-- 0/0 2445 2001-11-23 16:47:21 ./CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/test_mjt_3_int_no_scope.
-rw-r--r-- 0/0 2445 2002-01-04 20:29:06 ./CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/test_mjt_3_int_no_scope.
-rw-r--r-- 0/0 2445 2002-01-04 20:29:08 ./CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/test_mjt_3_int_no_scope.
-rw-r--r-- 0/0 2445 2002-01-04 20:29:09 ./CO2_system/XPC_driver/XPC_1_3/Interrupts/test_mjt_3_int_no_scope_xpc_rtw/test_mjt_3_int_no_scope.
alan at freddy:~/samba-2.0.10/source/bin$
6. Fix
------
Since I am unfamiliar with this code, I have decided to report the bug rather
than fix it myself. If the code is not being actively maintained, I
could probably write a patch. Please contact me by email if this is required.
7. Further Information
----------------------
If any further information is required, please email Alan Turner
<alan -at- suburbia.com.au>
--
Alan Turner | Voice/Fax: (02) 9481 8223
Live never to be ashamed of anything you do or say.
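
The truncation described in section 4, reproduced as an added example (not part of the original report and not Samba's code). header_name() is a simplified stand-in for the name handling in writetarheader(), the sample paths are constructed from the report's file names with an assumed leading backslash, and the "l + 1" check is a hypothetical adjustment, not the project's fix.

```c
#include <stdio.h>
#include <string.h>

#define NAMSIZ 100   /* bytes in the tar header name field, as in clitar.c */

/* Simplified model (an assumption, not Samba's fixtarname): prefix '.',
 * turn '\' into '/', keep the result NUL-terminated inside NAMSIZ bytes.
 * Returns 1 if a GNU long-name header would be written first, else 0. */
static int header_name(const char *aname, int account_for_dot, char out[NAMSIZ])
{
    size_t l = strlen(aname);
    size_t need = account_for_dot ? l + 1 : l;   /* length the check looks at */
    size_t i, n = 0;

    memset(out, 0, NAMSIZ);
    out[n++] = '.';
    for (i = 0; i < l && n < NAMSIZ - 1; i++)
        out[n++] = (aname[i] == '\\') ? '/' : aname[i];
    return need >= NAMSIZ;
}

/* Constructed sample: the report's directory with a leading '\', 99 chars each. */
#define SAMPLE_DIR "\\CO2_system\\XPC_driver\\XPC_1_3\\Interrupts\\test_mjt_3_int_no_scope_xpc_rtw\\"
static const char *FILE_C = SAMPLE_DIR "test_mjt_3_int_no_scope.c";
static const char *FILE_H = SAMPLE_DIR "test_mjt_3_int_no_scope.h";

/* 1 when two distinct paths get the same short header name and neither
 * gets a long-name header that would keep them apart. */
static int collides(const char *a, const char *b, int account_for_dot)
{
    char na[NAMSIZ], nb[NAMSIZ];
    int la = header_name(a, account_for_dot, na);
    int lb = header_name(b, account_for_dot, nb);
    return !la && !lb && strcmp(a, b) != 0 && strcmp(na, nb) == 0;
}

int main(void)
{
    printf("path length: %zu\n", strlen(FILE_C));
    printf("check l >= NAMSIZ:     collision=%d\n", collides(FILE_C, FILE_H, 0));
    printf("check l + 1 >= NAMSIZ: collision=%d\n", collides(FILE_C, FILE_H, 1));
    return 0;
}
```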