The Samba-Bugzilla – Attachment 6051 Details for
Bug 7779
expand_msdfs causes smbd crashed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
0001-s3-Fix-bug-7779-crash-in-expand_msdfs.patch (text/plain), 4.22 KB, created by
Volker Lendecke
on 2010-11-06 15:48:22 UTC
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2010-11-06 15:48:22 UTC
Size:
4.22 KB
patch
obsolete
>From 59a1081e0fb339ddf2e44f1ebd4ebdb58370fb11 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Sat, 6 Nov 2010 21:18:35 +0100 >Subject: [PATCH] s3: Fix bug 7779, crash in expand_msdfs > >--- > source3/include/proto.h | 1 + > source3/librpc/gen_ndr/ndr_secrets.c | 2 -- > source3/rpc_server/srv_dfs_nt.c | 12 +++++++----- > source3/smbd/msdfs.c | 8 +++++--- > 4 files changed, 13 insertions(+), 10 deletions(-) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index 5064fdb..181e48a 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -6463,6 +6463,7 @@ bool is_msdfs_link(connection_struct *conn, > const char *path, > SMB_STRUCT_STAT *sbufp); > NTSTATUS get_referred_path(TALLOC_CTX *ctx, >+ struct auth_serversupplied_info *server_info, > const char *dfs_path, > struct junction_map *jucn, > int *consumedcntp, >diff --git a/source3/librpc/gen_ndr/ndr_secrets.c b/source3/librpc/gen_ndr/ndr_secrets.c >index f9b6145..2b182db 100644 >--- a/source3/librpc/gen_ndr/ndr_secrets.c >+++ b/source3/librpc/gen_ndr/ndr_secrets.c >@@ -24,7 +24,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_TRUSTED_DOM_PASS(struct ndr_push *ndr, int n > NDR_CHECK(ndr_push_trailer_align(ndr, 4)); > } > if (ndr_flags & NDR_BUFFERS) { >- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid)); > } > ndr->flags = _flags_save_STRUCT; > } >@@ -52,7 +51,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_TRUSTED_DOM_PASS(struct ndr_pull *ndr, int n > NDR_CHECK(ndr_pull_trailer_align(ndr, 4)); > } > if (ndr_flags & NDR_BUFFERS) { >- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->domain_sid)); > } > ndr->flags = _flags_save_STRUCT; > } >diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c >index dfa33c2..2bfbe5e 100644 >--- a/source3/rpc_server/srv_dfs_nt.c >+++ b/source3/rpc_server/srv_dfs_nt.c >@@ -70,7 +70,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r) > } > > /* The following call can change the cwd. */ >- status = get_referred_path(ctx, r->in.path, jn, >+ status = get_referred_path(ctx, p->server_info, r->in.path, jn, > &consumedcnt, &self_ref); > if(!NT_STATUS_IS_OK(status)) { > return ntstatus_to_werror(status); >@@ -136,8 +136,9 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r) > r->in.dfs_entry_path, r->in.servername, r->in.sharename)); > } > >- if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, jn, >- &consumedcnt, &self_ref))) { >+ if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info, >+ r->in.dfs_entry_path, jn, >+ &consumedcnt, &self_ref))) { > return WERR_DFS_NO_SUCH_VOL; > } > >@@ -358,8 +359,9 @@ WERROR _dfs_GetInfo(pipes_struct *p, struct dfs_GetInfo *r) > } > > /* The following call can change the cwd. */ >- if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, >- jn, &consumedcnt, &self_ref)) || >+ if(!NT_STATUS_IS_OK(get_referred_path(ctx, p->server_info, >+ r->in.dfs_entry_path, >+ jn, &consumedcnt, &self_ref)) || > consumedcnt < strlen(r->in.dfs_entry_path)) { > return WERR_DFS_NO_SUCH_VOL; > } >diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c >index 6dfa886..6a2f756 100644 >--- a/source3/smbd/msdfs.c >+++ b/source3/smbd/msdfs.c >@@ -795,6 +795,7 @@ static NTSTATUS self_ref(TALLOC_CTX *ctx, > **********************************************************************/ > > NTSTATUS get_referred_path(TALLOC_CTX *ctx, >+ struct auth_serversupplied_info *server_info, > const char *dfs_path, > struct junction_map *jucn, > int *consumedcntp, >@@ -916,7 +917,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, > } > > status = create_conn_struct(ctx, &conn, snum, lp_pathname(snum), >- NULL, &oldpath); >+ server_info, &oldpath); > if (!NT_STATUS_IS_OK(status)) { > TALLOC_FREE(pdp); > return status; >@@ -1221,8 +1222,9 @@ int setup_dfs_referral(connection_struct *orig_conn, > } > > /* The following call can change cwd. */ >- *pstatus = get_referred_path(ctx, pathnamep, junction, >- &consumedcnt, &self_referral); >+ *pstatus = get_referred_path(ctx, orig_conn->server_info, >+ pathnamep, junction, >+ &consumedcnt, &self_referral); > if (!NT_STATUS_IS_OK(*pstatus)) { > vfs_ChDir(orig_conn,orig_conn->connectpath); > talloc_destroy(ctx); >-- >1.7.0.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6051">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 7779
:
6050
| 6051