[Samba] Re: String overflow in safe_strcpy

Carl Matthews cmatthews at myrealbox.com
Tue Aug 3 08:05:02 GMT 2004 

Hi Jeremy,

Please See the attached .tar with an example file structure that will 
cause the problem on FC2.

Samba version 3.05
FC2 2.4.22-1.2194.nptl #1 Thu Jun 17 10:56:28 EDT 2004 i686 athlon i386 
GNU/Linux

These folders were located in /home/local/samba-public

But again this will happen for every file over the 8.3 limit

Below are the errors it causes when i list the directory using winxp 
home client:

Aug  3 08:56:59 mandrake1 nss_wins[7438]: [2004/08/03 08:56:59, 0] 
lib/util_str.c:safe_strcpy_fn(602)
Aug  3 08:56:59 mandrake1 nss_wins[7438]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [THIS ~P0.TXT]
Aug  3 08:56:59 mandrake1 nss_wins[7438]: [2004/08/03 08:56:59, 0] 
lib/util_str.c:safe_strcpy_fn(602)
Aug  3 08:56:59 mandrake1 nss_wins[7438]:   ERROR: string overflow by 1 
(20 - 19) in safe_strcpy [This Folder is long.txt]
Aug  3 08:57:02 mandrake1 nss_wins[7438]: [2004/08/03 08:57:02, 0] 
lib/util_str.c:safe_strcpy_fn(602)
Aug  3 08:57:02 mandrake1 nss_wins[7438]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [THIS ~50.TXT]
Aug  3 08:57:02 mandrake1 nss_wins[7438]: [2004/08/03 08:57:02, 0] 
lib/util_str.c:safe_strcpy_fn(602)
Aug  3 08:57:02 mandrake1 nss_wins[7438]:   ERROR: string overflow by 1 
(24 - 23) in safe_strcpy [This Folder is long too.txt]

If you need any more info just let me know.

Best Regards
Carl.


Carl wrote:
> Hi,
> 
> We have 98se2 and xp home sp1 and xp pro sp1 clients, i know for sure 
> win98 and xp home when listing a directory cause this problem, we only 
> have a few xp pro laptops so i cant be 100% sure about those.
> 
> as for the directory i can on monday when i go back to work, but it will 
> happen with any file over the limit, i end up with error logs of about 
> 500-600mb full of these errors.
> 
> The clients are windows 98 se and windows xp home, I know that errors 
> are reported for them im pretty sure its any client but i cant say i 
> have proven that.
> 
> I have a fedora box here so i might try to reproduce the errors on it 
> tonight so i have sumthing to send you. Its a shame are old compilers 
> and our old pcb cad system dont like the hash2.
> 
> Thanks,
> Carl.
> 
> 
>> On Fri, Jul 30, 2004 at 07:58:59PM +0100, Carl wrote:
>>
>>> Hi jeremy,
>>>
>>> You not going to like this but I am still getting the errors "String 
>>> overflow in safe_strcpy" with the same config file as before and with 
>>> the latest release (3.0.5.2 - fedora2 rpms from 
>>> http://www.mirror.ac.uk/sites/ftp.samba.org/Binary_Packages/Fedora/RPMS/i386/core/2/ 
>>> )
>>>
>>> I have included the errors in the attached .txt file.
>>>
>>> all i had to do to reproduce the error was goto a directory 
>>> containing the samba rpm files ( which are over the 8.3 ) and of 
>>> course the same happens for any other file over the 8.3 but not for 
>>> directories.
>>
>>
>>
>> Ok, can you give me a tarball containing the directory and also
>> the *exact* client you're using to reproduce this so I can check.
>>
>> Thanks,
>>
>>     Jeremy.
> 
> 

-------------- next part --------------
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/06/23 10:15:40

# Global parameters
[global]
	server string = Mandrake1
	netbios aliases = FC1
	password server = None
	guest account = mleall
	username map = /etc/samba/smbusers
	log level = 0
	log file = /var/log/samba/%m.log
	max log size = 500
	name resolve order = wins lmhosts host bcas
	deadtime = 15
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	load printers = No
	mangling method = hash
	preferred master = Yes
	domain master = No
	dns proxy = No
	wins support = Yes
	oplock break wait time = 100
	ldap ssl = no
	valid users = @MLE-ALL
	create mask = 0775
	directory mask = 0775
	guest ok = Yes
	dos filemode = Yes


[NET-Eng]
	comment = Product Design By Genius
	path = /mnt/mle-net/MLE-NET/MLE-NET-Eng
	write list = @MLE-ALL
	force user = mleall
	read only = No

[NET-GMDB]
	comment = MLE-NET GoldMine DB
	path = /mnt/mle-net/MLE-NET/MLE-NET-GMDB
	write list = @MLE-ALL
	force user = mleall
	read only = No
	veto oplock files = /*.DBT/*.DBF/*.MDX/
	blocking locks = No
	level2 oplocks = No
	dos filemode = No

[NET-Public]
	comment = MLE-NET Public Share
	path = /home/local/samba-public
	write list = @MLE-ALL
	force user = mleall
	read only = No
	copy = NET-Eng

More information about the samba mailing list