The Samba-Bugzilla – Attachment 15968 Details for Bug 14374
Segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name.
[patch] git-am fix for master.
bug-14374-master (text/plain), 3.22 KB, created by Jeremy Allison on 2020-05-11 19:41:25 UTC
>From 9d2d3bb16f2cf803a599c449c07ec5fa65fd8b1e Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 11 May 2020 12:23:49 -0700 >Subject: [PATCH 1/3] s3: libsmb: In SMB2 return > NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL > filename. > >Can happen if namelen == 0. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/libsmb/cli_smb2_fnum.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c >index d29341c1708..0622a05a655 100644 >--- a/source3/libsmb/cli_smb2_fnum.c >+++ b/source3/libsmb/cli_smb2_fnum.c >@@ -1269,6 +1269,12 @@ static NTSTATUS parse_finfo_id_both_directory_info(uint8_t *dir_data, > /* Bad conversion. */ > return NT_STATUS_INVALID_NETWORK_RESPONSE; > } >+ >+ if (finfo->name == NULL) { >+ /* Bad conversion. */ >+ return NT_STATUS_INVALID_NETWORK_RESPONSE; >+ } >+ > return NT_STATUS_OK; > } > >-- >2.20.1 > > >From bd7023d3e16af043feadb0056922158cb1c78cad Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 11 May 2020 12:34:10 -0700 >Subject: [PATCH 2/3] s3: libsmb: In SMB1 old protocol - return > NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL > filename. > >Can happen if namelen == 0. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/libsmb/clilist.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c >index f868e72a239..28449dec81c 100644 >--- a/source3/libsmb/clilist.c >+++ b/source3/libsmb/clilist.c 
>@@ -552,7 +552,10 @@ static NTSTATUS cli_list_old_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, > TALLOC_FREE(finfo); > return NT_STATUS_NO_MEMORY; > } >- >+ if (finfo->name == NULL) { >+ TALLOC_FREE(finfo); >+ return NT_STATUS_INVALID_NETWORK_RESPONSE; >+ } > status = is_bad_finfo_name(state->cli, finfo); > if (!NT_STATUS_IS_OK(status)) { > smbXcli_conn_disconnect(state->cli->conn, status); >-- >2.20.1 > > >From c6ce410dea3e65ef8bcda5b26901111c8c1d1c4a Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 11 May 2020 12:37:08 -0700 >Subject: [PATCH 3/3] s3: libsmbclient: Finish unifing behavior across SMB NT1 > protocol. > >On bad name conversion, exit the directory listing with an error, but leave the >connection intact. We were already checking for finfo->name == NULL here, >but were ignoring it and not reporting an error. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/libsmb/clilist.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c >index 28449dec81c..f9444bc401c 100644 >--- a/source3/libsmb/clilist.c >+++ b/source3/libsmb/clilist.c >@@ -794,8 +794,9 @@ static void cli_list_trans_done(struct tevent_req *subreq) > if (finfo->name == NULL) { > DEBUG(1, ("cli_list: Error: unable to parse name from " > "info level %d\n", state->info_level)); >- ff_eos = true; >- break; >+ tevent_req_nterror(req, >+ NT_STATUS_INVALID_NETWORK_RESPONSE); >+ return; > } > > status = is_bad_finfo_name(state->cli, finfo); >-- >2.20.1 >
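Review bot: In patch 1/3 (source3/libsmb/cli_smb2_fnum.c, parse_finfo_id_both_directory_info), the new `finfo->name == NULL` branch reuses the `/* Bad conversion. */` comment of the check directly above it, so the code does not say why the name can still be NULL once that earlier check has passed. The commit message gives the reason ("Can happen if namelen == 0"); please put that in the comment on the new branch, for example `/* namelen == 0 leaves name NULL without a conversion error. */`, so the two checks are not read as duplicates and merged later.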
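Review bot: In patch 2/3 (source3/libsmb/clilist.c, cli_list_old_recv), the added `finfo->name == NULL` branch frees finfo and returns NT_STATUS_INVALID_NETWORK_RESPONSE without touching the connection, while the `is_bad_finfo_name()` failure path immediately below calls `smbXcli_conn_disconnect(state->cli->conn, status)`. Patch 3/3 states that leaving the connection intact is intended, but nothing in this function says so; a short comment on the new branch noting the namelen == 0 case and the deliberate absence of a disconnect would document the difference between the two adjacent error paths. As a style point, the hunk also drops the blank line after the NT_STATUS_NO_MEMORY block, so the new check runs straight on from the previous one; keeping the separator would match the surrounding layout.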
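Review bot: In patch 3/3 (source3/libsmb/clilist.c, cli_list_trans_done), the `finfo->name == NULL` branch now leaves the function with `tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); return;` from the point where the old code set `ff_eos = true` and used `break`, so whatever ran after the loop on the break path is no longer reached for this case. Please confirm nothing there is still needed on error, and add a one-line comment above the `tevent_req_nterror()` call saying that the listing is aborted while the connection is kept, since the hunk itself carries no trace of that decision. The patch set also adds no test for a zero-length name in a directory listing response; a regression test covering the SMB2, old SMB1 and NT1 paths would keep the three checks from drifting apart.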