The Samba-Bugzilla – Attachment 5551 Details for
Bug 7057
Buffer overflow when sending a file with long name
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
My fix for the issue.
dir-overflow.patch (text/plain), 1.12 KB, created by
Wayne Davison
on 2010-03-26 19:06:21 UTC
(
hide
)
Description:
My fix for the issue.
Filename:
MIME Type:
Creator:
Wayne Davison
Created:
2010-03-26 19:06:21 UTC
Size:
1.12 KB
patch
obsolete
>index 7139b10..fef15aa 100644 >--- a/flist.c >+++ b/flist.c >@@ -1640,21 +1640,29 @@ static void send_directory(int f, struct file_list *flist, char *fbuf, int len, > } > > p = fbuf + len; >- if (len != 1 || *fbuf != '/') >+ if (len == 1 && *fbuf == '/') >+ remainder = MAXPATHLEN - 1; >+ else if (len < MAXPATHLEN-1) { > *p++ = '/'; >- *p = '\0'; >- remainder = MAXPATHLEN - (p - fbuf); >+ *p = '\0'; >+ remainder = MAXPATHLEN - (len + 1); >+ } else >+ remainder = 0; > > for (errno = 0, di = readdir(d); di; errno = 0, di = readdir(d)) { > char *dname = d_name(di); > if (dname[0] == '.' && (dname[1] == '\0' > || (dname[1] == '.' && dname[2] == '\0'))) > continue; >- if (strlcpy(p, dname, remainder) >= remainder) { >+ unsigned name_len = strlcpy(p, dname, remainder); >+ if (name_len >= remainder) { >+ char save = fbuf[len]; >+ fbuf[len] = '\0'; > io_error |= IOERR_GENERAL; > rprintf(FERROR_XFER, >- "cannot send long-named file %s\n", >- full_fname(fbuf)); >+ "filename overflows max-path len by %u: %s/%s\n", >+ name_len - remainder + 1, fbuf, dname); >+ fbuf[len] = save; > continue; > } > if (dname[0] == '\0') {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 7057
:
5215
|
5529
|
5530
| 5551 |
5553