The Samba-Bugzilla – Attachment 10169 Details for
Bug 10716
smbd constantly crashes when filename contains non-ascii character
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for master, 4.1.next and 4.0.next.
bug-10716-master.patch (text/plain), 4.83 KB, created by
Jeremy Allison
on 2014-08-02 04:45:13 UTC
(
hide
)
Description:
git-am fix for master, 4.1.next and 4.0.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2014-08-02 04:45:13 UTC
Size:
4.83 KB
patch
obsolete
>From 09e739133f460bb64e17deded6ab5f9edfb6db4a Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Fri, 1 Aug 2014 21:29:21 -0700 >Subject: [PATCH 1/2] lib: strings: Fix the behavior of strcasecmp_m_handle() > in the face of bad conversions. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >When either string has a bad conversion, we fall back to >doing raw ascii byte comparisons using strcasecmp(). > >The problem is we've already stepped past the character >that failed the conversion, so we're not re-testing those >characters for comparison. This can have the effect of >causing strcasecmp_m_handle() to report that two strings >are identical when they are not, if the failed conversion >takes place at the end of the string. > >The correct behavior is to step back to the point of >the string(s) that failed the conversion, and continue >the test from there. > >Found by <lev@zadarastorage.com> when investigating bug >10716 - smbd constantly crashes when filename contains non-ascii character. > >Given the normal character set of utf-8, and an on >disk filename of ISO-8859-1 of file-é on disk hex >value: 66 69 6c 65 2d e9, an incoming open given the >correct utf8 name of file-é will collide when it >should not. > >Fixes: > >Bug 10716 - smbd constantly crashes when filename contains non-ascii character > >https://bugzilla.samba.org/show_bug.cgi?id=10716 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > lib/util/charset/util_str.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > >diff --git a/lib/util/charset/util_str.c b/lib/util/charset/util_str.c >index 688ab5a..1810e24 100644 >--- a/lib/util/charset/util_str.c >+++ b/lib/util/charset/util_str.c >@@ -56,7 +56,17 @@ _PUBLIC_ int strcasecmp_m_handle(struct smb_iconv_handle *iconv_handle, > > if (c1 == INVALID_CODEPOINT || > c2 == INVALID_CODEPOINT) { >- /* what else can we do?? */ >+ /* >+ * Fall back to byte >+ * comparison. We must >+ * step back by the codepoint >+ * length we just incremented >+ * - otherwise we are not >+ * checking the bytes that >+ * failed the conversion. >+ */ >+ s1 -= size1; >+ s2 -= size2; > return strcasecmp(s1, s2); > } > >-- >1.9.1 > > >From a14128e0591e7ab731a89e0bbba9cfa0f15c2ef6 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Fri, 1 Aug 2014 21:38:59 -0700 >Subject: [PATCH 2/2] lib: strings: Fix the behavior of strncasecmp_m_handle() > in the face of bad conversions. > >When either string has a bad conversion, we fall back to >doing raw ascii byte comparisons using strcasecmp(). This >is wrong - we should fall back to strncasecmp. > >The problem is we've already stepped past the character >that failed the conversion, so we're not re-testing those >characters for comparison. This can have the effect of >causing strncasecmp_m_handle() to report that two strings >are identical when they are not, if the failed conversion >takes place at the end of the string. > >The correct behavior is to step back to the point of >the string(s) that failed the conversion, and continue >the test from there. > >This is a litle trickier than the previous fix, as >it requires converting the incoming n variable from >remaining characters to compare to remaining bytes to >compare. > >As bytes are always the smallest character size >(1 byte) then it's safe to convert the remaining >characters to check by decrementing the source string >by the last character length (in bytes) and incrementing >the remaining bytes to scan by the same value, then >calling strncasecmp() with the stepped back strings >remaining. > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > lib/util/charset/util_str.c | 29 +++++++++++++++++++++++++++-- > 1 file changed, 27 insertions(+), 2 deletions(-) > >diff --git a/lib/util/charset/util_str.c b/lib/util/charset/util_str.c >index 1810e24..f62c999 100644 >--- a/lib/util/charset/util_str.c >+++ b/lib/util/charset/util_str.c >@@ -116,8 +116,33 @@ _PUBLIC_ int strncasecmp_m_handle(struct smb_iconv_handle *iconv_handle, > > if (c1 == INVALID_CODEPOINT || > c2 == INVALID_CODEPOINT) { >- /* what else can we do?? */ >- return strcasecmp(s1, s2); >+ /* >+ * Fall back to byte >+ * comparison. We must >+ * step back by the codepoint >+ * length we just incremented >+ * by - otherwise we are not >+ * checking the bytes that >+ * failed the conversion. >+ */ >+ s1 -= size1; >+ s2 -= size2; >+ /* >+ * n was specified in characters, >+ * now we must convert it to bytes. >+ * As bytes are the smallest >+ * character unit, the following >+ * increment and strncasecmp is always >+ * safe. >+ * >+ * The source string was already known >+ * to be n characters long, so we are >+ * guaranteed to be able to look at the >+ * (n remaining + size1) bytes from the >+ * new (s1 - size1) position). >+ */ >+ n += size1; >+ return strncasecmp(s1, s2, n); > } > > if (toupper_m(c1) != toupper_m(c2)) { >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 10716
:
10109
|
10165
|
10169
|
10175
|
10176