The Samba-Bugzilla – Attachment 15990 Details for
Bug 14374
Segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name.
[patch]
back-ported git-am fix for 4.11.next.
bug-14374-4.11.patch (text/plain), 9.85 KB, created by
Jeremy Allison
on 2020-05-18 17:25:47 UTC
Description:
back-ported git-am fix for 4.11.next.
Creator:
Jeremy Allison
Created:
2020-05-18 17:25:47 UTC
Size:
9.85 KB
>From 79f49614390e099d63adc50058ac4162270b90c9 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 11 May 2020 14:10:54 -0700
>Subject: [PATCH 1/5] s3: selftest: Add share definition [bad_iconv] in
> fileserver.
>
>Creates a utf8 valid filename within that is invalid in CP850.
>Useful to test smbclient list directory character set conversions.
>
>https://bugzilla.samba.org/show_bug.cgi?id=14374
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(back-ported from commit a9651d6bc2b6dea8adc859ce21c2431253868887)
>---
> selftest/target/Samba3.pm | 20 ++++++++++++++++++++
> 1 file changed, 20 insertions(+)
>
>diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
>index b6bfcef824d..a15979199f0 100755
>--- a/selftest/target/Samba3.pm
>+++ b/selftest/target/Samba3.pm
>@@ -959,6 +959,9 @@ sub setup_fileserver
> my $usershare_sharedir="$share_dir/usershares";
> push(@dirs,$usershare_sharedir);
>
>+ my $bad_iconv_sharedir="$share_dir/bad_iconv";
>+ push(@dirs, $bad_iconv_sharedir);
>+
> my $fileserver_options = "
> kernel change notify = yes
>
>@@ -1026,6 +1029,12 @@ sub setup_fileserver
> path = $share_dir
> comment = force group test
> # force group = everyone
>+
>+[bad_iconv]
>+ path = $bad_iconv_sharedir
>+ comment = smb username is [%U]
>+ vfs objects =
>+
> [homes]
> comment = Home directories
> browseable = No
>@@ -1094,6 +1103,17 @@ sub setup_fileserver
> close(VALID_USERS_TARGET);
> chmod 0644, $valid_users_target;
>
>+ ##
>+ ## create a valid utf8 filename which is invalid as a CP850 conversion
>+ ##
>+ my $bad_iconv_target = "$bad_iconv_sharedir/\xED\x9F\xBF";
>+ unless (open(BAD_ICONV_TARGET, ">$bad_iconv_target")) {
>+ warn("Unable to open $bad_iconv_target");
>+ return undef;
>+ }
>+ close(BAD_ICONV_TARGET);
>+ chmod 0644, $bad_iconv_target;
>+
> return $vars;
> }
>
>--
>2.20.1
>
>
>From 07a75674ff1340c8d0fd578b5b61438304f96c64 Mon Sep 17 00:00:00 2001
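Review bot: The failure branch in the third setup_fileserver hunk drops the reason the create failed, because `warn("Unable to open $bad_iconv_target")` omits `$!`. This is the one fixture file whose name is deliberately unusual (`\xED\x9F\xBF`, the UTF-8 encoding of U+D7FF), so a filesystem or locale that rejects it is a plausible failure and the errno text is what a maintainer would need; `warn("Unable to open $bad_iconv_target: $!");` keeps it. In the second hunk the share's `comment = smb username is [%U]` looks copied from another share and does not say what [bad_iconv] is for. setup_fileserver starts and ends outside these hunks.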
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 11 May 2020 15:37:00 -0700
>Subject: [PATCH 2/5] s3: selftest: Add test_smbclient_iconv.sh to check client
> behavior on bad name conversion.
>
>SMB2 and NT1 fail this, CORE already returns NT_STATUS_INVALID_NETWORK_RESPONSE
>on bad conversion.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(back-ported from commit e016671d34c24c4768df774425ec743b88e30015)
>---
> selftest/knownfail.d/bad_iconv | 3 ++
> source3/script/tests/test_smbclient_iconv.sh | 53 ++++++++++++++++++++
> source3/selftest/tests.py | 7 +++
> 3 files changed, 63 insertions(+)
> create mode 100644 selftest/knownfail.d/bad_iconv
> create mode 100755 source3/script/tests/test_smbclient_iconv.sh
>
>diff --git a/selftest/knownfail.d/bad_iconv b/selftest/knownfail.d/bad_iconv
>new file mode 100644
>index 00000000000..cdedc70e78b
>--- /dev/null
>+++ b/selftest/knownfail.d/bad_iconv
>@@ -0,0 +1,3 @@
>+samba3.blackbox.smbclient_iconv.NT1
>+samba3.blackbox.smbclient_iconv.SMB2
>+
>diff --git a/source3/script/tests/test_smbclient_iconv.sh b/source3/script/tests/test_smbclient_iconv.sh
>new file mode 100755
>index 00000000000..0ec7b67dbf7
>--- /dev/null
>+++ b/source3/script/tests/test_smbclient_iconv.sh
>@@ -0,0 +1,53 @@
>+#!/bin/sh
>+
>+# This checks directory listing with a file containing
>+# an invalid CP850 conversion name returns NT_STATUS_INVALID_NETWORK_RESPONSE
>+
>+if [ $# -lt 6 ]; then
>+cat <<EOF
>+Usage: test_smbclient_iconv.sh SERVER SERVER_IP SHARENAME USERNAME PASSWORD SMBCLIENT
>+EOF
>+exit 1;
>+fi
>+
>+SERVER="$1"
>+SERVER_IP="$2"
>+SHARENAME="$3"
>+USERNAME="$4"
>+PASSWORD="$5"
>+SMBCLIENT="$6"
>+shift 6
>+ADDARGS="$@"
>+
>+incdir=`dirname $0`/../../../testprogs/blackbox
>+. $incdir/subunit.sh
>+
>+failed=0
>+
>+test_smbclient_iconv()
>+{
>+ smbclient_config="$PREFIX/client/client_cp850_smbconf"
>+ cat > $smbclient_config <<EOF
>+[global]
>+ unix charset = cp850
>+ client min protocol = core
>+EOF
>+
>+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/$SHARENAME --configfile=$smbclient_config "$ADDARGS" -c ls 2>&1'
>+ eval echo "$cmd"
>+ out=$(eval $cmd)
>+ rm -f $smbclient_config
>+
>+ echo "$out" | grep 'NT_STATUS_INVALID_NETWORK_RESPONSE'
>+ ret=$?
>+ if [ $ret -ne 0 ] ; then
>+ echo "$out"
>+ echo 'failed - should get: NT_STATUS_INVALID_NETWORK_RESPONSE.'
>+ return 1
>+ fi
>+
>+ return 0
>+}
>+
>+testit "bad_iconv smbclient" test_smbclient_iconv || failed=$(expr $failed + 1)
>+testok $0 $failed
>diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
>index 5c43e6e9458..98f372c95e9 100755
>--- a/source3/selftest/tests.py
>+++ b/source3/selftest/tests.py
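Review bot: In test_smbclient_iconv the command string leaves every expansion unquoted except `"$ADDARGS"`, which is instead forced into a single word, so the SMB2 run (no extra argument) hands smbclient an empty argument and a multi-option ADDARGS would arrive as one word. A username, password or `$PREFIX` containing whitespace or glob characters would likewise be split when `eval $cmd` runs. `eval echo "$cmd"` also writes the expanded `-U$USERNAME%$PASSWORD` into the test log, which is only acceptable while these stay throwaway selftest credentials. Quoting the pieces inside the string, e.g. `"-U$USERNAME%$PASSWORD" "//$SERVER/$SHARENAME" "--configfile=$smbclient_config" $ADDARGS`, and using `rm -f "$smbclient_config"`, would make the test robust.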
>@@ -354,6 +354,13 @@ for env in ["fileserver"]:
> [os.path.join(samba3srcdir, "script/tests/test_zero_data.sh"),
> '$SERVER_IP', '$USERNAME', '$PASSWORD', '$LOCAL_PATH'])
>
>+ plantestsuite("samba3.blackbox.smbclient_iconv.SMB2", env,
>+ [os.path.join(samba3srcdir, "script/tests/test_smbclient_iconv.sh"),
>+ '$SERVER', '$SERVER_IP', 'bad_iconv', '$USERNAME', '$PASSWORD', smbclient3])
>+ plantestsuite("samba3.blackbox.smbclient_iconv.NT1", env,
>+ [os.path.join(samba3srcdir, "script/tests/test_smbclient_iconv.sh"),
>+ '$SERVER', '$SERVER_IP', 'bad_iconv', '$USERNAME', '$PASSWORD', smbclient3, '-mNT1'])
>+
> #
> # tar command tests
> #
>--
>2.20.1
>
>
>From 0152c1ce47a83c52f81c6b59c5e2d052c2e83b91 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 11 May 2020 12:34:10 -0700
>Subject: [PATCH 3/5] s3: libsmb: In SMB1 old protocol - return
> NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL
> filename.
>
>Can happen if namelen == 0.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit b10de0bb64fe022e6b066584013dfb0bdf2ade96)
>---
> source3/libsmb/clilist.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
>diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
>index 4f518339e2b..06a45e221f6 100644
>--- a/source3/libsmb/clilist.c
>+++ b/source3/libsmb/clilist.c
>@@ -552,7 +552,10 @@ static NTSTATUS cli_list_old_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
> TALLOC_FREE(finfo);
> return NT_STATUS_NO_MEMORY;
> }
>-
>+ if (finfo->name == NULL) {
>+ TALLOC_FREE(finfo);
>+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
>+ }
> status = is_bad_finfo_name(state->cli, finfo);
> if (!NT_STATUS_IS_OK(status)) {
> smbXcli_conn_disconnect(state->cli->conn, status);
>--
>2.20.1
>
>
>From dcd1dd96c5899aa316445e31f54f057955f37724 Mon Sep 17 00:00:00 2001
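Review bot: Only the SMB2 and NT1 dialects are planted in this tests.py hunk, while the commit message relies on CORE already returning NT_STATUS_INVALID_NETWORK_RESPONSE. Nothing here pins that behaviour, so a regression in the old-protocol listing path would go unnoticed. A third `plantestsuite("samba3.blackbox.smbclient_iconv.CORE", ...)` entry, passing the CORE dialect through the same trailing argument slot used for `'-mNT1'`, would cover it. The SMB2 entry also relies on smbclient's default dialect rather than naming one, so its label is only accurate while that default holds.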
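Review bot: The new `finfo->name == NULL` branch in cli_list_old_recv rejects the server reply silently and without a comment, whereas the matching branch in cli_list_trans_done (visible in patch 5/5) logs at DEBUG(1) before failing. A reader cannot tell from the code why a successful conversion can still leave the name NULL; the commit message says it happens when namelen == 0, and that belongs next to the check, e.g. `/* Conversion yielded no name (e.g. namelen == 0): reject the reply. */`. A `DEBUG(1, ...)` line in the same style as the trans path would also make a malformed server listing visible in client logs. The patch also drops the blank line that separated this block from `status = is_bad_finfo_name(...)`. The function body starts and continues outside the hunk.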
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 11 May 2020 12:23:49 -0700
>Subject: [PATCH 4/5] s3: libsmb: In SMB2 return
> NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL
> filename.
>
>Can happen if namelen == 0.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 753115a8d19f6ac8cd28305748fc6d888679dccc)
>---
> selftest/knownfail.d/bad_iconv | 1 -
> source3/libsmb/cli_smb2_fnum.c | 6 ++++++
> 2 files changed, 6 insertions(+), 1 deletion(-)
>
>diff --git a/selftest/knownfail.d/bad_iconv b/selftest/knownfail.d/bad_iconv
>index cdedc70e78b..c45022f3457 100644
>--- a/selftest/knownfail.d/bad_iconv
>+++ b/selftest/knownfail.d/bad_iconv
>@@ -1,3 +1,2 @@
> samba3.blackbox.smbclient_iconv.NT1
>-samba3.blackbox.smbclient_iconv.SMB2
>
>diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
>index 3fa322c243b..0d79cf693da 100644
>--- a/source3/libsmb/cli_smb2_fnum.c
>+++ b/source3/libsmb/cli_smb2_fnum.c
>@@ -1269,6 +1269,12 @@ static NTSTATUS parse_finfo_id_both_directory_info(uint8_t *dir_data,
> /* Bad conversion. */
> return NT_STATUS_INVALID_NETWORK_RESPONSE;
> }
>+
>+ if (finfo->name == NULL) {
>+ /* Bad conversion. */
>+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
>+ }
>+
> return NT_STATUS_OK;
> }
>
>--
>2.20.1
>
>
>From 6555bcec74215f1126151e75a307c6934b57d636 Mon Sep 17 00:00:00 2001
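Review bot: The added check in parse_finfo_id_both_directory_info carries the same `/* Bad conversion. */` comment as the check directly above it, so the two cases cannot be told apart when reading the function. Going by the commit message, this one is the case where the conversion call did not report failure but still produced no string (namelen == 0); a comment such as `/* Conversion produced no name, e.g. a zero-length name field. */` says so. The hunk does not show whether the `finfo` fields filled in earlier matter on this error path; presumably the caller discards `finfo` on any non-OK status, which is worth confirming. The function starts outside the hunk.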
>From: Jeremy Allison <jra@samba.org>
>Date: Mon, 11 May 2020 15:58:27 -0700
>Subject: [PATCH 5/5] s3: libsmbclient: Finish unifing bad iconv behavior
> across CORE NT1 SMB2 protocols.
>
>On bad name conversion, exit the directory listing with an error, but leave the
>connection intact. We were already checking for finfo->name == NULL here,
>but were ignoring it and not reporting an error.
>
>Remove the knownfail.d/bad_iconv file as we now
>behave the same across CORE/NT1/SMB2.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>
>Autobuild-User(master): Jeremy Allison <jra@samba.org>
>Autobuild-Date(master): Tue May 12 21:32:44 UTC 2020 on sn-devel-184
>
>(cherry picked from commit 393da520e43bd3a28feb231bcd9fd5308a3daa4a)
>---
> selftest/knownfail.d/bad_iconv | 2 --
> source3/libsmb/clilist.c | 5 +++--
> 2 files changed, 3 insertions(+), 4 deletions(-)
> delete mode 100644 selftest/knownfail.d/bad_iconv
>
>diff --git a/selftest/knownfail.d/bad_iconv b/selftest/knownfail.d/bad_iconv
>deleted file mode 100644
>index c45022f3457..00000000000
>--- a/selftest/knownfail.d/bad_iconv
>+++ /dev/null
>@@ -1,2 +0,0 @@
>-samba3.blackbox.smbclient_iconv.NT1
>-
>diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
>index 06a45e221f6..a14bae691b1 100644
>--- a/source3/libsmb/clilist.c
>+++ b/source3/libsmb/clilist.c
>@@ -794,8 +794,9 @@ static void cli_list_trans_done(struct tevent_req *subreq)
> if (finfo->name == NULL) {
> DEBUG(1, ("cli_list: Error: unable to parse name from "
> "info level %d\n", state->info_level));
>- ff_eos = true;
>- break;
>+ tevent_req_nterror(req,
>+ NT_STATUS_INVALID_NETWORK_RESPONSE);
>+ return;
> }
>
> status = is_bad_finfo_name(state->cli, finfo);
>--
>2.20.1
>
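Review bot: The rewritten NULL-name branch in cli_list_trans_done fails the request without calling smbXcli_conn_disconnect, unlike the is_bad_finfo_name failure path visible in cli_list_old_recv (patch 3/5). The commit message says keeping the connection is deliberate, but the code does not, so a one-line comment above the call, `/* Bad name conversion: fail the listing, keep the connection. */`, would stop a later reader from "fixing" the asymmetry. The early `return` also skips whatever follows the loop. The hunk does not show where the buffers received for this reply are released, so confirm they are owned by a context that is freed on this path. The function starts and ends outside the hunk.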
Flags:
asn
:
review+