The Samba-Bugzilla – Attachment 11990 Details for
Bug 11623
Fix STATUS_BUFFER_OVERFLOW for ncacn_np connections
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-3-test
tmp43.diff.txt (text/plain), 10.01 KB, created by
Stefan Metzmacher
on 2016-04-13 17:24:05 UTC
(
hide
)
Description:
Patches for v4-3-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2016-04-13 17:24:05 UTC
Size:
10.01 KB
patch
obsolete
>From de0c483c14eb51c2deb59587618a6e1bb6feb073 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 27 Nov 2015 19:10:01 +0100 >Subject: [PATCH 1/4] libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in > smb2cli_read* > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit b47bfce6781ea3be2b85cbef348107eda4f98860) >--- > libcli/smb/smb2cli_read.c | 26 +++++++++++++++++++++----- > 1 file changed, 21 insertions(+), 5 deletions(-) > >diff --git a/libcli/smb/smb2cli_read.c b/libcli/smb/smb2cli_read.c >index 4a31622..8110b65 100644 >--- a/libcli/smb/smb2cli_read.c >+++ b/libcli/smb/smb2cli_read.c >@@ -29,6 +29,7 @@ struct smb2cli_read_state { > struct iovec *recv_iov; > uint8_t *data; > uint32_t data_length; >+ bool out_valid; > }; > > static void smb2cli_read_done(struct tevent_req *subreq); >@@ -105,8 +106,12 @@ static void smb2cli_read_done(struct tevent_req *subreq) > status = smb2cli_req_recv(subreq, state, &iov, > expected, ARRAY_SIZE(expected)); > TALLOC_FREE(subreq); >- if (tevent_req_nterror(req, status)) { >- return; >+ if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) { >+ /* no error */ >+ } else { >+ if (tevent_req_nterror(req, status)) { >+ return; >+ } > } > > data_offset = CVAL(iov[1].iov_base, 2); >@@ -120,6 +125,13 @@ static void smb2cli_read_done(struct tevent_req *subreq) > > state->recv_iov = iov; > state->data = (uint8_t *)iov[2].iov_base; >+ >+ state->out_valid = true; >+ >+ if (tevent_req_nterror(req, status)) { >+ return; >+ } >+ > tevent_req_done(req); > } > >@@ -129,15 +141,19 @@ NTSTATUS smb2cli_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, > struct smb2cli_read_state *state = > tevent_req_data(req, > struct smb2cli_read_state); >- NTSTATUS status; >+ NTSTATUS status = NT_STATUS_OK; > >- if (tevent_req_is_nterror(req, &status)) { >+ if (tevent_req_is_nterror(req, &status) && !state->out_valid) { >+ *data_length = 0; >+ *data = NULL; >+ tevent_req_received(req); > return status; > } > talloc_steal(mem_ctx, state->recv_iov); > *data_length = state->data_length; > *data = state->data; >- return NT_STATUS_OK; >+ tevent_req_received(req); >+ return status; > } > > NTSTATUS smb2cli_read(struct smbXcli_conn *conn, >-- >1.9.1 > > >From 9f7ce43663380958cc481117911c2c568c80fb8d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 27 Nov 2015 19:10:01 +0100 >Subject: [PATCH 2/4] libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in > smb2cli_query_info* > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 68850f3f56e9b28b298c1bc3a6249f9c26602217) >--- > libcli/smb/smb2cli_query_info.c | 24 +++++++++++++++++++----- > 1 file changed, 19 insertions(+), 5 deletions(-) > >diff --git a/libcli/smb/smb2cli_query_info.c b/libcli/smb/smb2cli_query_info.c >index a24844b..d499611 100644 >--- a/libcli/smb/smb2cli_query_info.c >+++ b/libcli/smb/smb2cli_query_info.c >@@ -29,6 +29,7 @@ struct smb2cli_query_info_state { > uint32_t max_output_length; > struct iovec *recv_iov; > DATA_BLOB out_output_buffer; >+ bool out_valid; > }; > > static void smb2cli_query_info_done(struct tevent_req *subreq); >@@ -135,8 +136,12 @@ static void smb2cli_query_info_done(struct tevent_req *subreq) > status = smb2cli_req_recv(subreq, state, &iov, > expected, ARRAY_SIZE(expected)); > TALLOC_FREE(subreq); >- if (tevent_req_nterror(req, status)) { >- return; >+ if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) { >+ /* no error */ >+ } else { >+ if (tevent_req_nterror(req, status)) { >+ return; >+ } > } > > state->recv_iov = iov; >@@ -170,6 +175,12 @@ static void smb2cli_query_info_done(struct tevent_req *subreq) > state->out_output_buffer.length = output_buffer_length; > } > >+ state->out_valid = true; >+ >+ if (tevent_req_nterror(req, status)) { >+ return; >+ } >+ > tevent_req_done(req); > } > >@@ -180,9 +191,12 @@ NTSTATUS smb2cli_query_info_recv(struct tevent_req *req, > struct smb2cli_query_info_state *state = > tevent_req_data(req, > struct smb2cli_query_info_state); >- NTSTATUS status; >+ NTSTATUS status = NT_STATUS_OK; > >- if (tevent_req_is_nterror(req, &status)) { >+ if (tevent_req_is_nterror(req, &status) && !state->out_valid) { >+ if (out_output_buffer) { >+ *out_output_buffer = data_blob_null; >+ } > tevent_req_received(req); > return status; > } >@@ -193,7 +207,7 @@ NTSTATUS smb2cli_query_info_recv(struct tevent_req *req, > } > > tevent_req_received(req); >- return NT_STATUS_OK; >+ return status; > } > > NTSTATUS smb2cli_query_info(struct smbXcli_conn *conn, >-- >1.9.1 > > >From c6f4757e034cb1fef559c90b7ad433d85e095789 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 27 Nov 2015 19:10:01 +0100 >Subject: [PATCH 3/4] libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in > smb1cli_readx* > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 0e8d33fb5ffd6fdb0e503c5ff59e3635bbf10041) >--- > libcli/smb/smb1cli_read.c | 53 +++++++++++++++++++++++++++++++---------------- > 1 file changed, 35 insertions(+), 18 deletions(-) > >diff --git a/libcli/smb/smb1cli_read.c b/libcli/smb/smb1cli_read.c >index ab250ab..d7a7f43 100644 >--- a/libcli/smb/smb1cli_read.c >+++ b/libcli/smb/smb1cli_read.c >@@ -26,9 +26,9 @@ > struct smb1cli_readx_state { > uint32_t size; > uint16_t vwv[12]; >- NTSTATUS status; > uint32_t received; > uint8_t *buf; >+ bool out_valid; > }; > > static void smb1cli_readx_done(struct tevent_req *subreq); >@@ -131,27 +131,36 @@ static void smb1cli_readx_done(struct tevent_req *subreq) > uint8_t *bytes; > uint16_t data_offset; > uint32_t bytes_offset; >+ NTSTATUS status; > static const struct smb1cli_req_expected_response expected[] = { > { > .status = NT_STATUS_OK, > .wct = 0x0C > }, >+ { >+ .status = STATUS_BUFFER_OVERFLOW, >+ .wct = 0x0C >+ }, > }; > >- state->status = smb1cli_req_recv(subreq, state, >- &recv_iov, >- NULL, /* phdr */ >- &wct, >- &vwv, >- NULL, /* pvwv_offset */ >- &num_bytes, >- &bytes, >- &bytes_offset, >- NULL, /* inbuf */ >- expected, ARRAY_SIZE(expected)); >+ status = smb1cli_req_recv(subreq, state, >+ &recv_iov, >+ NULL, /* phdr */ >+ &wct, >+ &vwv, >+ NULL, /* pvwv_offset */ >+ &num_bytes, >+ &bytes, >+ &bytes_offset, >+ NULL, /* inbuf */ >+ expected, ARRAY_SIZE(expected)); > TALLOC_FREE(subreq); >- if (tevent_req_nterror(req, state->status)) { >- return; >+ if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) { >+ /* no error */ >+ } else { >+ if (tevent_req_nterror(req, status)) { >+ return; >+ } > } > > /* size is the number of bytes the server returned. >@@ -189,6 +198,12 @@ static void smb1cli_readx_done(struct tevent_req *subreq) > > state->buf = bytes + (data_offset - bytes_offset); > >+ state->out_valid = true; >+ >+ if (tevent_req_nterror(req, status)) { >+ return; >+ } >+ > tevent_req_done(req); > } > >@@ -205,7 +220,7 @@ static void smb1cli_readx_done(struct tevent_req *subreq) > * @param[out] received The number of bytes received. > * @param[out] rcvbuf Pointer to the bytes received. > * >- * @return NT_STATUS_OK on succsess. >+ * @return NT_STATUS_OK or STATUS_BUFFER_OVERFLOW on succsess. > */ > NTSTATUS smb1cli_readx_recv(struct tevent_req *req, > uint32_t *received, >@@ -213,12 +228,14 @@ NTSTATUS smb1cli_readx_recv(struct tevent_req *req, > { > struct smb1cli_readx_state *state = tevent_req_data( > req, struct smb1cli_readx_state); >- NTSTATUS status; >+ NTSTATUS status = NT_STATUS_OK; > >- if (tevent_req_is_nterror(req, &status)) { >+ if (tevent_req_is_nterror(req, &status) && !state->out_valid) { >+ *received = 0; >+ *rcvbuf = NULL; > return status; > } > *received = state->received; > *rcvbuf = state->buf; >- return NT_STATUS_OK; >+ return status; > } >-- >1.9.1 > > >From e01d85956811abe30b1c920b8598288c541f3ffd Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 27 Nov 2015 18:19:38 +0100 >Subject: [PATCH 4/4] libcli/smb: fix BUFFER_OVERFLOW handling in > tstream_smbXcli_np > >The special error is not NT_STATUS_BUFFER_TOO_SMALL, but STATUS_BUFFER_OVERFLOW. > >Tested using TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE == 20 and running >the following commands against a Windows 2012R2 server: > >bin/smbtorture ncacn_np:SERVER[] rpc.lsa-getuser >bin/smbtorture ncacn_np:SERVER[smb2] rpc.lsa-getuser > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Tue Dec 1 03:42:52 CET 2015 on sn-devel-104 > >(cherry picked from commit 3bbd8d3614af641535ab0925303ad07c03c4e094) >--- > libcli/smb/tstream_smbXcli_np.c | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > >diff --git a/libcli/smb/tstream_smbXcli_np.c b/libcli/smb/tstream_smbXcli_np.c >index 248bfb0..a59db13 100644 >--- a/libcli/smb/tstream_smbXcli_np.c >+++ b/libcli/smb/tstream_smbXcli_np.c >@@ -980,7 +980,14 @@ static void tstream_smbXcli_np_readv_trans_done(struct tevent_req *subreq) > received = out_output_buffer.length; > } > TALLOC_FREE(subreq); >- if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) { >+ if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) { >+ /* >+ * STATUS_BUFFER_OVERFLOW means that there's >+ * more data to read when the named pipe is used >+ * in message mode (which is the case here). >+ * >+ * But we hide this from the caller. >+ */ > status = NT_STATUS_OK; > } > if (!NT_STATUS_IS_OK(status)) { >@@ -1056,9 +1063,9 @@ static void tstream_smbXcli_np_readv_read_done(struct tevent_req *subreq) > * We can't TALLOC_FREE(subreq) as usual here, as rcvbuf still is a > * child of that. > */ >- if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) { >+ if (NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) { > /* >- * NT_STATUS_BUFFER_TOO_SMALL means that there's >+ * STATUS_BUFFER_OVERFLOW means that there's > * more data to read when the named pipe is used > * in message mode (which is the case here). > * >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 11623
: 11990