From f58e84174471ff18cab2ea9c3af792b7de29e6c7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 16 Oct 2015 15:13:47 -0700
Subject: [PATCH] smbd: Fix file name buflen and padding in notify repsonse

The array is uint16, doubling the file name length consumes twice the space required. As we're hand assembling this as a series of concatinated individual data_blobs, we must take care to ensure the correct 4 byte alignment that was being masked by the previous doubling of the filename length.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10634
Signed-off-by: Jeremy Allison
Signed-off-by: Volker Lendecke
---
 librpc/idl/notify.idl | 4 +++-
 source3/smbd/notify.c | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/librpc/idl/notify.idl b/librpc/idl/notify.idl
index 66422ec..853ac47 100644
--- a/librpc/idl/notify.idl
+++ b/librpc/idl/notify.idl
@@ -93,6 +93,8 @@ interface notify
 uint32 NextEntryOffset;
 FILE_NOTIFY_ACTION Action;
 [value(strlen_m(FileName1)*2)] uint32 FileNameLength;
- [charset(UTF16),flag(STR_NOTERM)] uint16 FileName1[FileNameLength];
+ [charset(UTF16),flag(STR_NOTERM)]
+ uint16 FileName1[strlen_m(FileName1)];
+ DATA_BLOB _pad;
 } FILE_NOTIFY_INFORMATION;
 }
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index e776749..ff5ef76 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -138,6 +138,7 @@ static bool notify_marshall_changes(int num_changes,
 struct notify_change_event *c;
 struct FILE_NOTIFY_INFORMATION m;
 DATA_BLOB blob;
+ uint16_t pad = 0;
 /* Coalesce any identical records. */
 while (i+1 < num_changes &&
@@ -151,6 +152,8 @@ static bool notify_marshall_changes(int num_changes,
 m.FileName1 = c->name;
 m.FileNameLength = strlen_m(c->name)*2;
 m.Action = c->action;
+ m._pad = (m.FileNameLength % 4) == 2 ? data_blob_const(&pad, 2) :
+ data_blob_null;
 m.NextEntryOffset = (i == num_changes-1) ? 0 : ndr_size_FILE_NOTIFY_INFORMATION(&m, 0);
 /*
-- 
2.6.0.rc2.230.g3dd15c0
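Review bot: The added `DATA_BLOB _pad;` carries no flag, so the IDL does not say how the field goes on the wire, and the struct definition starts outside the hunk, so its own attributes are not visible here. It is worth confirming in the generated push and size code that a bare DATA_BLOB contributes only its bytes and no length prefix. A prefix would enlarge every record and shift the offset a client uses to find the next entry. If raw alignment bytes are the intent, stating it in the IDL, for example `[flag(NDR_ALIGN4)] DATA_BLOB _pad;`, would also stop a caller that forgets to set `_pad` from producing a misaligned record. A one-line comment such as `/* 0 or 2 bytes so the next record starts 4-byte aligned */` would document why the field exists.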
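Review bot: The new `m._pad` assignment pads the final record as well (`i == num_changes-1`), where `NextEntryOffset` is 0 and nothing follows that needs aligning, so the reply can end with two bytes that belong to no record. If the code after this hunk checks the accumulated length against the client's buffer size (the function body continues outside the hunk), those bytes count toward that limit too. Restricting the pad to records that have a successor avoids both, for example `m._pad = (i != num_changes-1 && (m.FileNameLength % 4) == 2) ? data_blob_const(&pad, 2) : data_blob_null;`. A short comment such as `/* FileNameLength is always even, so a remainder of 2 is the only unaligned case */` would explain why only `== 2` is tested. Note also that `data_blob_const(&pad, 2)` points at the local `pad` declared in the earlier hunk of this file, so `m` must not be used once that variable goes out of scope.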