The Samba-Bugzilla – Attachment 2403 Details for
Bug 3703
ERROR: string overflow by 1 (24 - 23) in safe_strcpy
[patch]
Same patch of bug 4512 with some name->servicename conversions
samba-share-longer-than-23-char.patch (text/plain), 4.92 KB, created by
Diego Liziero
on 2007-04-24 02:14:20 UTC
Description:
Same patch of bug 4512 with some name->servicename conversions
Filename:
MIME Type:
Creator:
Diego Liziero
Created:
2007-04-24 02:14:20 UTC
Size:
4.92 KB
patch
obsolete
>Index: source/smbd/connection.c
>===================================================================
>--- source/smbd/connection.c (revision 22265)
>+++ source/smbd/connection.c (working copy)
>@@ -108,13 +108,13 @@
>
> if (cs->Clear && !process_exists(crec.pid) && (errno == ESRCH)) {
> DEBUG(2,("pid %s doesn't exist - deleting connections %d [%s]\n",
>- procid_str_static(&crec.pid), crec.cnum, crec.name));
>+ procid_str_static(&crec.pid), crec.cnum, crec.servicename));
> if (tdb_delete(the_tdb, kbuf) != 0)
> DEBUG(0,("count_fn: tdb_delete failed with error %s\n", tdb_errorstr(tdb) ));
> return 0;
> }
>
>- if (strequal(crec.name, cs->name))
>+ if (strequal(crec.servicename, cs->name))
> cs->curr_connections++;
>
> return 0;
>@@ -191,8 +191,8 @@
> if (conn) {
> crec.uid = conn->uid;
> crec.gid = conn->gid;
>- safe_strcpy(crec.name,
>- lp_servicename(SNUM(conn)),sizeof(crec.name)-1);
>+ safe_strcpy(crec.servicename,
>+ lp_servicename(SNUM(conn)),sizeof(crec.servicename)-1);
> }
> crec.start = time(NULL);
> crec.bcast_msg_flags = msg_flags;
>Index: source/smbd/trans2.c
>===================================================================
>--- source/smbd/trans2.c (revision 22265)
>+++ source/smbd/trans2.c (working copy)
>@@ -2232,7 +2232,7 @@
> uint16 info_level;
> int data_len, len;
> SMB_STRUCT_STAT st;
>- char *vname = volume_label(SNUM(conn));
>+ const char *vname = volume_label(SNUM(conn));
> int snum = SNUM(conn);
> char *fstype = lp_fstype(SNUM(conn));
> int quota_flag = 0;
>@@ -2353,9 +2353,11 @@
> SIVAL(pdata,8,str_checksum(lp_servicename(snum)) ^
> (str_checksum(get_local_machine_name())<<16));
>
>+ /* Max label len is 32 characters. */
> len = srvstr_push(outbuf, pdata+18, vname, -1, STR_UNICODE);
> SIVAL(pdata,12,len);
> data_len = 18+len;
>+
> DEBUG(5,("call_trans2qfsinfo : SMB_QUERY_FS_VOLUME_INFO namelen = %d, vol=%s serv=%s\n",
> (int)strlen(vname),vname, lp_servicename(snum)));
> break;
>Index: source/param/loadparm.c
>===================================================================
>--- source/param/loadparm.c (revision 22265)
>+++ source/param/loadparm.c (working copy)
>@@ -5293,15 +5293,22 @@
> A useful volume label function.
> ********************************************************************/
>
>-char *volume_label(int snum)
>+const char *volume_label(int snum)
> {
>- char *ret = lp_volume(snum);
>- if (!*ret)
>- return lp_servicename(snum);
>- return (ret);
>+ char *ret;
>+ const char *label = lp_volume(snum);
>+ if (!*label) {
>+ label = lp_servicename(snum);
>+ }
>+
>+ /* This returns a 33 byte guarenteed null terminated string. */
>+ ret = talloc_strndup(main_loop_talloc_get(), label, 32);
>+ if (!ret) {
>+ return "";
>+ }
>+ return ret;
> }
>
>-
> /*******************************************************************
> Set the server type we will announce as via nmbd.
> ********************************************************************/
>Index: source/include/smb.h
>===================================================================
>--- source/include/smb.h (revision 22265)
>+++ source/include/smb.h (working copy)
>@@ -885,7 +885,7 @@
> int cnum;
> uid_t uid;
> gid_t gid;
>- char name[24];
>+ char servicename[FSTRING_LEN];
> char addr[24];
> char machine[FSTRING_LEN];
> time_t start;
>--- source/lib/messages.c-orig 2007-04-23 17:52:35.000000000 +0200
>+++ source/lib/messages.c 2007-04-23 17:53:32.000000000 +0200
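Review bot: In `volume_label` (source/param/loadparm.c), `talloc_strndup(main_loop_talloc_get(), label, 32)` cuts the label at 32 bytes, while the comment added in trans2.c describes the limit as 32 characters. If the label is stored in a multibyte charset, the cut can land inside a character, and the byte count will not match a character limit; the truncation should either happen on a character boundary or be documented as a byte limit. The trans2.c call passes `-1` as the destination length to `srvstr_push`, so the size of the reply field appears to rest entirely on this truncation. The added comment misspells "guaranteed", and the `return "";` on allocation failure is silent; a comment such as `/* Truncates at 32 bytes (not characters); result is owned by the main-loop talloc context. */` would state the contract.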
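Review bot: Replacing `char name[24]` with `char servicename[FSTRING_LEN]` in source/include/smb.h changes the size of this struct and the offsets of every field after it, and the other hunks show `crec` being handled alongside tdb records (`tdb_delete(the_tdb, kbuf)`), so the layout appears to be stored. Any reader that copies a stored record into the struct needs to reject records whose length differs from `sizeof(crec)`, otherwise an entry written with the old layout would be misparsed or over-read; that length check is not visible in these hunks and should be confirmed. The struct definition starts and ends outside the hunk. A comment on the field such as `/* part of the stored connection record layout; resizing invalidates existing entries */` would warn the next editor.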
>@@ -577,7 +577,7 @@
> if (errno == ESRCH) {
> DEBUG(2,("pid %s doesn't exist - deleting connections %d [%s]\n",
> procid_str_static(&crec.pid),
>- crec.cnum, crec.name));
>+ crec.cnum, crec.servicename));
> tdb_delete(the_tdb, kbuf);
> }
> }
>--- source/web/statuspage.c 2007/03/05 23:40:03 21714
>+++ source/web/statuspage.c 2007/04/16 20:06:02 22282
>@@ -230,7 +230,7 @@
> return 0;
>
> printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
>- crec.name,uidtoname(crec.uid),
>+ crec.servicename,uidtoname(crec.uid),
> gidtoname(crec.gid),procid_str_static(&crec.pid),
> crec.machine,
> tstring(crec.start));
>--- source/utils/net_status.c 2007/03/05 23:40:03 21714
>+++ source/utils/net_status.c 2007/04/16 20:06:02 22282
>@@ -102,7 +102,7 @@
> }
>
> d_printf("%-10.10s %s %-12s %s",
>- crec.name,procid_str_static(&crec.pid),
>+ crec.servicename,procid_str_static(&crec.pid),
> crec.machine,
> time_to_asc(crec.start));
>
>@@ -168,7 +168,7 @@
> }
>
> d_printf("%s\\%s\\%s\\%s\\%s\\%s\\%s",
>- crec.name,procid_str_static(&crec.pid),
>+ crec.servicename,procid_str_static(&crec.pid),
> guest ? "" : uidtoname(ids->entries[i].uid),
> guest ? "" : gidtoname(ids->entries[i].gid),
> crec.machine,
>--- source/utils/status.c 2007/03/05 23:40:03 21714
>+++ source/utils/status.c 2007/04/16 20:06:02 22282
>@@ -205,7 +205,7 @@
> }
>
> d_printf("%-10s %s %-12s %s",
>- crec.name,procid_str_static(&crec.pid),
>+ crec.servicename,procid_str_static(&crec.pid),
> crec.machine,
> time_to_asc(crec.start));
>
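Review bot: In source/web/statuspage.c the `printf` writes `crec.servicename` and `crec.machine` into table cells with a bare `%s`, and with this patch the service-name field can hold up to `FSTRING_LEN` bytes rather than 24. Whether these strings are limited to markup-safe characters before they reach the record is not visible in this hunk; if they are not, they should be HTML-escaped before being printed. The enclosing function starts and ends outside the hunk. At minimum a comment such as `/* crec strings come from stored connection records; escape before emitting as HTML */` above the call would record the assumption.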