[Samba] Re: string overflow in safe_strcpy

Carl Matthews cmatthews at myrealbox.com
Tue Jun 29 14:59:21 GMT 2004 

also there are smbd errors but they happen alot less than the nmbd ones, 
heres a sample :

> Jun 29 15:50:09 mandrake1 smbd[27918]: [2004/06/29 15:50:09, 0] lib/util_str.c:safe_strcpy_fn(600)
> Jun 29 15:50:09 mandrake1 smbd[27918]:   ERROR: string overflow by 1 (9 - 8) in safe_strcpy [SHORT~GC.LNK]
> Jun 29 15:50:09 mandrake1 smbd[27918]: [2004/06/29 15:50:09, 0] lib/util_str.c:safe_strcpy_fn(600)
> Jun 29 15:50:09 mandrake1 smbd[27918]:   ERROR: string overflow by 1 (25 - 24) in safe_strcpy [Shortcut to 75als176.pdf.lnk]
> Jun 29 15:50:09 mandrake1 smbd[27918]: [2004/06/29 15:50:09, 0] lib/util_str.c:safe_strcpy_fn(600)
> Jun 29 15:50:09 mandrake1 smbd[27918]:   ERROR: string overflow by 1 (9 - 8) in safe_strcpy [SHORT~WF.LNK]
> Jun 29 15:50:09 mandrake1 smbd[27918]: [2004/06/29 15:50:09, 0] lib/util_str.c:safe_strcpy_fn(600)
> Jun 29 15:50:09 mandrake1 smbd[27918]:   ERROR: string overflow by 1 (25 - 24) in safe_strcpy [Shortcut to hcpl7101.pdf.lnk]


Heres my smb.conf, just incase:
> 
> # Global parameters
> [global]
>         netbios aliases = FC1
>         server string = FedoraCore1
>         password server = None
>         guest account = mleall
>         username map = /etc/samba/smbusers
>         log level = 0
>         log file = /var/log/samba/%m.log
>         max log size = 500
>         name resolve order = wins lmhosts host bcas
>         deadtime = 15
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         load printers = No
>         mangling method = hash
>         preferred master = Yes
>         domain master = No
>         dns proxy = No
>         wins support = Yes
>         oplock break wait time = 100
>         ldap ssl = no
>         valid users = @MLE-ALL
>         create mask = 0775
>         directory mask = 0775
>         guest ok = Yes
>         dos filemode = Yes
> 
> [www]
>         comment = Webserver
>         path = /var/www
>         read list = carl
>         write list = carl
>         force user = mleall
>         force group = MLE-ALL
>         read only = No
>         guest ok = No
> 
> [homes]
>         comment = Home Directories
>         path = /home/%u
>         read only = No

Thanks,
Carl Matthews


Carl Matthews wrote:
> Also i've just noticed the errors never occur for directorys but only 
> for files longer than the 8.3. Which again suggests an error in the hash 
> mangling method.
> 
> Carl wrote:
> 
>>
>>  I updated our server to 3.0.5pre1 this morning from the fc1 rpms 
>> linked by samba.org.
>> But the errors persist, But like corey they do dissappear when 
>> "mangling method = hash" is rem'd out but this then makes long file 
>> names unreadable to programs that use 8.3 filenames, like some of the 
>> old compilers we use here.
>>
>> The errors occur at the sametime as Corey's when ever you browse a 
>> share you get an error for all the files in that directory.
>>
>> Is there any more info you might need to track this down?
>>
>> Thanks,
>> Carl Matthews
>>
>> sample of my log file :
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]:   ERROR: string overflow by 
>> 1 (57 - 56) in safe_strcpy [Software & Driver downloads HP Officejet 
>> g55 All-]
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]: [2004/06/29 08:41:16, 0] 
>> lib/util_str.c:safe_strcpy_fn(600)
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]:   ERROR: string overflow by 
>> 1 (9 - 8) in safe_strcpy [HP OF~YU.URL]
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]: [2004/06/29 08:41:16, 0] 
>> lib/util_str.c:safe_strcpy_fn(600)
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]:   ERROR: string overflow by 
>> 1 (97 - 96) in safe_strcpy [HP Officejet g55 All-in-One HP OfficeJet 
>> G Series]
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]: [2004/06/29 08:41:16, 0] 
>> lib/util_str.c:safe_strcpy_fn(600)
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]:   ERROR: string overflow by 
>> 1 (9 - 8) in safe_strcpy [28-06~LT.ZIP]
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]: [2004/06/29 08:41:16, 0] 
>> lib/util_str.c:safe_strcpy_fn(600)
>> Jun 29 08:41:16 mandrake1 nss_wins[27719]:   ERROR: string overflow by 
>> 1 (20 - 19) in safe_strcpy [28-06-2004 09-56-06.zip]
>>
>> I updateJeremy Allison wrote:
>>
>>> On Fri, Jun 25, 2004 at 12:57:53AM +0100, Carl wrote:
>>>
>>>> Yeah i get this problem too, with samba 3.04 on FC1 exactly the 
>>>> same, string errors when browsing any share which fills up my 
>>>> /var/log/messages file
>>>>
>>>> Any one know a fix?
>>>
>>>
>>>
>>>
>>> Can you try 3.0.5pre1. This looks like a bug we've fixed w.r.t.
>>> NetBIOS names.
>>>
>>> Jeremy.
>>
>>
>>
>

More information about the samba mailing list