The Samba-Bugzilla – Attachment 2390 Details for
Bug 4512
string overflow share name lenght greater than 32 characters
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
look (text/plain), 3.11 KB, created by
Jeremy Allison
on 2007-04-16 14:12:18 UTC
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2007-04-16 14:12:18 UTC
Size:
3.11 KB
patch
obsolete
>Index: smbd/connection.c >=================================================================== >--- smbd/connection.c (revision 22265) >+++ smbd/connection.c (working copy) >@@ -108,13 +108,13 @@ > > if (cs->Clear && !process_exists(crec.pid) && (errno == ESRCH)) { > DEBUG(2,("pid %s doesn't exist - deleting connections %d [%s]\n", >- procid_str_static(&crec.pid), crec.cnum, crec.name)); >+ procid_str_static(&crec.pid), crec.cnum, crec.servicename)); > if (tdb_delete(the_tdb, kbuf) != 0) > DEBUG(0,("count_fn: tdb_delete failed with error %s\n", tdb_errorstr(tdb) )); > return 0; > } > >- if (strequal(crec.name, cs->name)) >+ if (strequal(crec.servicename, cs->name)) > cs->curr_connections++; > > return 0; >@@ -191,8 +191,8 @@ > if (conn) { > crec.uid = conn->uid; > crec.gid = conn->gid; >- safe_strcpy(crec.name, >- lp_servicename(SNUM(conn)),sizeof(crec.name)-1); >+ safe_strcpy(crec.servicename, >+ lp_servicename(SNUM(conn)),sizeof(crec.servicename)-1); > } > crec.start = time(NULL); > crec.bcast_msg_flags = msg_flags; >Index: smbd/trans2.c >=================================================================== >--- smbd/trans2.c (revision 22265) >+++ smbd/trans2.c (working copy) >@@ -2232,7 +2232,7 @@ > uint16 info_level; > int data_len, len; > SMB_STRUCT_STAT st; >- char *vname = volume_label(SNUM(conn)); >+ const char *vname = volume_label(SNUM(conn)); > int snum = SNUM(conn); > char *fstype = lp_fstype(SNUM(conn)); > int quota_flag = 0; >@@ -2353,9 +2353,11 @@ > SIVAL(pdata,8,str_checksum(lp_servicename(snum)) ^ > (str_checksum(get_local_machine_name())<<16)); > >+ /* Max label len is 32 characters. */ > len = srvstr_push(outbuf, pdata+18, vname, -1, STR_UNICODE); > SIVAL(pdata,12,len); > data_len = 18+len; >+ > DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n", > (int)strlen(vname),vname, lp_servicename(snum))); > break; >Index: param/loadparm.c >=================================================================== >--- param/loadparm.c (revision 22265) >+++ param/loadparm.c (working copy) >@@ -5293,15 +5293,22 @@ > A useful volume label function. > ********************************************************************/ > >-char *volume_label(int snum) >+const char *volume_label(int snum) > { >- char *ret = lp_volume(snum); >- if (!*ret) >- return lp_servicename(snum); >- return (ret); >+ char *ret; >+ const char *label = lp_volume(snum); >+ if (!*label) { >+ label = lp_servicename(snum); >+ } >+ >+ /* This returns a 33 byte guarenteed null terminated string. */ >+ ret = talloc_strndup(main_loop_talloc_get(), label, 32); >+ if (!ret) { >+ return ""; >+ } >+ return ret; > } > >- > /******************************************************************* > Set the server type we will announce as via nmbd. > ********************************************************************/ >Index: include/smb.h >=================================================================== >--- include/smb.h (revision 22265) >+++ include/smb.h (working copy) >@@ -885,7 +885,7 @@ > int cnum; > uid_t uid; > gid_t gid; >- char name[24]; >+ char servicename[FSTRING_LEN]; > char addr[24]; > char machine[FSTRING_LEN]; > time_t start;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2390">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4512
: 2390