[Samba] Re: string overflow in safe_strcpy

Carl Matthews cmatthews at myrealbox.com
Mon Jul 12 11:42:28 GMT 2004


Just installed 3.0.5rc1 and the problem persists, unfortunately.

Here's a sample of my log:

wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [TAENO~EI.PDF]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(16 - 15) in safe_strcpy [taeno_checklist.pdf]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [TAENO~M9.PDF]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(16 - 15) in safe_strcpy [taeno_effective.pdf]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [TAENO~K1.PDF]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(16 - 15) in safe_strcpy [taeno_structure.pdf]
Jul 12 12:31:09 mandrake1 nss_wins[15215]: [2004/07/12 12:31:09, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:09 mandrake1 nss_wins[15215]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [INITC~FJ.BAK]
Jul 12 12:31:09 mandrake1 nss_wins[15215]: [2004/07/12 12:31:09, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:09 mandrake1 nss_wins[15215]:   ERROR: string overflow by 1 
(7 - 6) in safe_strcpy [INIT.C.bak]

I also get these errors occasionally:

wins[15421]: [2004/07/12 12:37:19, 0] 
smbd/service.c:make_connection_snum(535)
Jul 12 12:37:19 mandrake1 nss_wins[15421]:   Can't become connected user!


My .conf remains the same as before.

If you need anything else just let me know.


Cheers,
Carl Matthews


Jeremy Allison wrote:
> On Tue, Jun 29, 2004 at 09:13:05AM +0100, Carl Matthews wrote:
> 
>>Also I've just noticed the errors never occur for directories but only 
>>for files longer than the 8.3. Which again suggests an error in the hash 
>>mangling method.
> 
> 
> Here's the fix. Incorrect use of safe_strcpy (memcpy should be used instead).
> 
> Jeremy.
> 
> 
> ------------------------------------------------------------------------
> 
> Index: smbd/mangle_hash.c
> ===================================================================
> --- smbd/mangle_hash.c	(revision 1298)
> +++ smbd/mangle_hash.c	(working copy)
> @@ -546,8 +546,10 @@
>  	/* Fill the new cache entry, and add it to the cache. */
>  	s1 = (char *)(new_entry + 1);
>  	s2 = (char *)&(s1[mangled_len + 1]);
> -	safe_strcpy( s1, mangled_name, mangled_len );
> -	safe_strcpy( s2, raw_name,     raw_len );
> +	memcpy( s1, mangled_name, mangled_len );
> +	s1[mangled_len] = '\0';
> +	memcpy( s2, raw_name, raw_len );
> +	s2[raw_len] = '\0';
>  	ubi_cachePut( mangled_cache, i, new_entry, s1 );
>  }
>  
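
Review bot: the terminator writes `s1[mangled_len] = '\0'` and `s2[raw_len] = '\0'` that follow the two memcpy calls are only in bounds if the block behind new_entry has room for mangled_len + 1 + raw_len + 1 bytes past the entry header, and that allocation is outside this hunk, so please confirm the size matches or state it in the comment above `s1 = (char *)(new_entry + 1);`. memcpy also copies exactly mangled_len and raw_len bytes with no check against the source string, so a length shorter than the source now truncates without the log message safe_strcpy produced, and a length longer than the source would read past it. A one-line comment saying where both lengths are computed and that they are byte counts excluding the terminator would make that intent explicit.
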
> 