[Samba] String overflow in safe_strcpy

Carl cmatthews at myrealbox.com
Wed Jul 14 22:03:26 GMT 2004


Just installed 3.0.5rc1 and the problem persists, unfortunately.

Here's a sample of my log:

wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [TAENO~EI.PDF]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(16 - 15) in safe_strcpy [taeno_checklist.pdf]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [TAENO~M9.PDF]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(16 - 15) in safe_strcpy [taeno_effective.pdf]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [TAENO~K1.PDF]
Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:03 mandrake1 nss_wins[15212]:   ERROR: string overflow by 1 
(16 - 15) in safe_strcpy [taeno_structure.pdf]
Jul 12 12:31:09 mandrake1 nss_wins[15215]: [2004/07/12 12:31:09, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:09 mandrake1 nss_wins[15215]:   ERROR: string overflow by 1 
(9 - 8) in safe_strcpy [INITC~FJ.BAK]
Jul 12 12:31:09 mandrake1 nss_wins[15215]: [2004/07/12 12:31:09, 0] 
lib/util_str.c:safe_strcpy_fn(600)
Jul 12 12:31:09 mandrake1 nss_wins[15215]:   ERROR: string overflow by 1 
(7 - 6) in safe_strcpy [INIT.C.bak]

I also get these errors occasionally:

wins[15421]: [2004/07/12 12:37:19, 0] 
smbd/service.c:make_connection_snum(535)
Jul 12 12:37:19 mandrake1 nss_wins[15421]:   Can't become connected user!


My .conf remains the same as before.

If you need anything else just let me know.

See the thread (String overflow in safe_strcpy) for history.

Cheers,
Carl Matthews


Jeremy Allison wrote:

 > On Tue, Jun 29, 2004 at 09:13:05AM +0100, Carl Matthews wrote:
 >
 >> Also I've just noticed the errors never occur for directories but
 >> only for files longer than the 8.3. Which again suggests an error in the
 >> hash mangling method.
 >
 >
 >
 > Here's the fix. Incorrect use of safe_strcpy (memcpy should be used
 > instead).
 >
 > Jeremy.
 >
 >
 > ------------------------------------------------------------------------
 >
 > Index: smbd/mangle_hash.c
 > ===================================================================
 > --- smbd/mangle_hash.c    (revision 1298)
 > +++ smbd/mangle_hash.c    (working copy)
 > @@ -546,8 +546,10 @@
 >      /* Fill the new cache entry, and add it to the cache. */
 >      s1 = (char *)(new_entry + 1);
 >      s2 = (char *)&(s1[mangled_len + 1]);
 > -    safe_strcpy( s1, mangled_name, mangled_len );
 > -    safe_strcpy( s2, raw_name,     raw_len );
 > +    memcpy( s1, mangled_name, mangled_len );
 > +    s1[mangled_len] = '\0';
 > +    memcpy( s2, raw_name, raw_len );
 > +    s2[raw_len] = '\0';
 >      ubi_cachePut( mangled_cache, i, new_entry, s1 );
 >  }
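
Review bot: the two memcpy calls and the explicit terminators now write mangled_len + 1 bytes at s1 and raw_len + 1 bytes at s2 with no bounds check at all, and the allocation of new_entry is outside this hunk. Please confirm (or assert next to the allocation) that the space following new_entry is at least mangled_len + raw_len + 2 bytes, which is what the s2 = &s1[mangled_len + 1] layout implies. memcpy also trusts that mangled_len and raw_len do not exceed the lengths of mangled_name and raw_name, so a one-line comment saying where those lengths are computed, and why safe_strcpy's length argument does not fit this use, would make the change easier to audit later.
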
 >
 >
