The Samba-Bugzilla – Attachment 6361 Details for Bug 8040: smbclient segfaults when a Cyrillic netbios name or workgroup is configured
[patch] First part of fix.
0001-Fix-bug-8040-smbclient-segfaults-when-a-Cyrillic-net.patch (text/plain), 2.54 KB, created by Jeremy Allison on 2011-04-01 18:16:13 UTC
>From 00834d05c41bbdebd737f1c4ebb8e04955e092ec Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Fri, 25 Mar 2011 15:12:12 -0700 >Subject: [PATCH] Fix bug 8040 - smbclient segfaults when a Cyrillic netbios name or workgroup is configured. > >As discovered by David Disseldorp <ddiss@suse.de>, convert_string_talloc() >doesn't always return consistent results for a zero length string. The >API states an incoming string must *always* contain the terminating null, >but unfortunately too much code expects passing in a zero source length >to return a null terminated string, so at least ensure we return a >correct null string in the required character set and return the >correct length. > >Also ensure we cannot return a zero length for a converted string >(we ensure that the returned buffer is always allocated and zero >terminated anyway) as calling code depends on the fact that returning >true from this function will *always* return a non-zero length (as >it must include the terminating null). > >Note this is a different fix from what went into master (this is >identical to the fix I'm planning for 3.5.x) as convert_string_talloc() >has diverged between the two. > >Jeremy. >--- > source3/lib/charcnv.c | 24 ++++++++++++++++++++++-- > 1 files changed, 22 insertions(+), 2 deletions(-) > >diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c >index 5b2149b9..fd6cefe 100644 >--- a/source3/lib/charcnv.c >+++ b/source3/lib/charcnv.c 
>@@ -456,14 +456,24 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to, > errno = EINVAL; > return false; > } >+ > if (srclen == 0) { >- ob = talloc_strdup(ctx, ""); >+ /* We really should treat this as an error, but >+ there are too many callers that need this to >+ return a NULL terminated string in the correct >+ character set. */ >+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) { >+ destlen = 2; >+ } else { >+ destlen = 1; >+ } >+ ob = talloc_zero_array(ctx, char, destlen); > if (ob == NULL) { > errno = ENOMEM; > return false; > } >+ *converted_size = destlen; > *dest = ob; >- *converted_size = 0; > return true; > } > >@@ -560,6 +570,16 @@ bool convert_string_talloc(TALLOC_CTX *ctx, charset_t from, charset_t to, > ob[destlen] = '\0'; > ob[destlen+1] = '\0'; > >+ /* Ensure we can never return a *converted_size of zero. */ >+ if (destlen == 0) { >+ /* This can happen from a bad iconv "use_as_is:" call. */ >+ if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) { >+ destlen = 2; >+ } else { >+ destlen = 1; >+ } >+ } >+ > *converted_size = destlen; > return true; > >-- >1.7.3.1 >
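Review bot: In the first hunk (@@ -456), the `srclen == 0` branch changes `*converted_size` from 0 to 1 or 2, so a true return now always counts the terminator, but that contract is stated only in the commit message. It should be written into the comment above convert_string_talloc() so callers can rely on it and future edits do not undo it. The new in-code comment says "NULL terminated", which reads as the pointer constant; "null terminated", as in the commit message, is clearer. Style: `to == CH_UTF16LE|| to == CH_UTF16BE` is missing a space before `||`.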
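Review bot: In the second hunk (@@ -560), the `destlen == 0` fixup reports 1 or 2 bytes that the conversion itself never produced; it is only valid because `ob[destlen]` and `ob[destlen+1]` were zeroed in the two lines just above, and the comment should say that the reported length covers those terminator bytes. The test `to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED` is duplicated from the `srclen == 0` branch; a small static helper returning the terminator width for a charset would keep the two sites in step. Since the comment attributes this case to a bad iconv "use_as_is:" call, consider emitting a debug message here so the bad conversion is visible rather than silently masked.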
Flags: vl: review+