The Samba-Bugzilla – Attachment 6943 Details for
Bug 8474
SMB2 create doesn't cope with an Apple client using NULL blob in create.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.1 - part #1
0001-Fix-bug-8474-SMB2-create-doesn-t-cope-with-an-Apple-.patch (text/plain), 1.61 KB, created by
Jeremy Allison
on 2011-09-26 22:02:09 UTC
(
hide
)
Description:
git-am fix for 3.6.1 - part #1
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-09-26 22:02:09 UTC
Size:
1.61 KB
patch
obsolete
>From d89bbe9b0a989b8b5b1ecbd43c063a388e122aaf Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 21 Sep 2011 11:40:01 -0700 >Subject: [PATCH] Fix bug #8474 - SMB2 create doesn't cope with an Apple client using NULL blob in create > >Cope with zero length data_offset and data_length values. > >Autobuild-User: Jeremy Allison <jra@samba.org> >Autobuild-Date: Wed Sep 21 22:12:40 CEST 2011 on sn-devel-104 >--- > libcli/smb/smb2_create_blob.c | 10 +++++++--- > 1 files changed, 7 insertions(+), 3 deletions(-) > >diff --git a/libcli/smb/smb2_create_blob.c b/libcli/smb/smb2_create_blob.c >index 444dc84..b44f28a 100644 >--- a/libcli/smb/smb2_create_blob.c >+++ b/libcli/smb/smb2_create_blob.c >@@ -63,9 +63,10 @@ NTSTATUS smb2_create_blob_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer, > name_offset > remaining || > name_length != 4 || /* windows enforces this */ > name_offset + name_length > remaining || >- data_offset < name_offset + name_length || >- data_offset > remaining || >- data_offset + (uint64_t)data_length > remaining) { >+ (data_offset && (data_offset < name_offset + name_length)) || >+ (data_offset && (data_offset > remaining)) || >+ (data_offset && data_length && >+ (data_offset + (uint64_t)data_length > remaining))) { > return NT_STATUS_INVALID_PARAMETER; > } > >@@ -88,6 +89,9 @@ NTSTATUS smb2_create_blob_parse(TALLOC_CTX *mem_ctx, const DATA_BLOB buffer, > data += next; > > if (remaining < 16) { >+ DEBUG(0,("smb2_create_blob_parse: remaining1 = %d, next = %d\n", >+ (int)remaining, >+ (int)next)); > return NT_STATUS_INVALID_PARAMETER; > } > } >-- >1.7.3.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 8474
:
6927
| 6943 |
6944