The Samba-Bugzilla – Attachment 8638 Details for Bug 9706: Parameter is incorrect on Android
[patch] git-am fix for 3.6.next.
readx-3.6.patchset (text/plain), 1.82 KB, created by Jeremy Allison on 2013-03-14 00:22:36 UTC
>From a693ca401bb896918a5bb952a531cfc6b657228a Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 13 Mar 2013 17:19:32 -0700 >Subject: [PATCH 1/2] Ensure we explicitly ignore 0xFFFF value for upper > length. > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/smbd/reply.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c >index a708fd8..5dbd6b4 100644 >--- a/source3/smbd/reply.c >+++ b/source3/smbd/reply.c >@@ -3756,6 +3756,13 @@ void reply_read_and_X(struct smb_request *req) > > if (global_client_caps & CAP_LARGE_READX) { > size_t upper_size = SVAL(req->vwv+7, 0); >+ /* >+ * Some clients send this as an explicit invalid >+ * value. >+ */ >+ if (upper_size == 0xFFFF) { >+ upper_size = 0; >+ } > smb_maxcnt |= (upper_size<<16); > if (upper_size > 1) { > /* Can't do this on a chained packet. */ >-- >1.8.1.3 > > >From 049dd27fe65ff1a6bc7caf98dd87af164824856b Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 13 Mar 2013 17:20:32 -0700 >Subject: [PATCH 2/2] Correctly identify big_readX. > >We can't just look for the upper length value being >greater than 1, as the actual limit is 0x1FFFF minus >the SMB header and VWV sizes. > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/smbd/reply.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c >index 5dbd6b4..06f2644 100644 >--- a/source3/smbd/reply.c >+++ b/source3/smbd/reply.c >@@ -3764,7 +3764,7 @@ void reply_read_and_X(struct smb_request *req) > upper_size = 0; > } > smb_maxcnt |= (upper_size<<16); >- if (upper_size > 1) { >+ if (smb_maxcnt > (0x1FFFF - (smb_size -4 + 12*2))) { > /* Can't do this on a chained packet. */ > if ((CVAL(req->vwv+0, 0) != 0xFF)) { > reply_nterror(req, NT_STATUS_NOT_SUPPORTED); >-- >1.8.1.3 >
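Review bot: In the first hunk (PATCH 1/2, reply_read_and_X), the new `upper_size == 0xFFFF` test neutralises only that one value, so any other large upper word (0xFFFE, for example) is still shifted into smb_maxcnt by `smb_maxcnt |= (upper_size<<16);` on the following line. If the intent is to discard nonsensical upper lengths from the client, consider bounding upper_size here, or extend the comment to say where the resulting smb_maxcnt is capped before it is used as a read length. The comment would also be easier to trace later if it referenced bug 9706 rather than just "some clients".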
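Review bot: In the second hunk (PATCH 2/2), the new condition `smb_maxcnt > (0x1FFFF - (smb_size -4 + 12*2))` puts three unexplained constants into the code; only the commit message says the limit is 0x1FFFF minus the SMB header and VWV sizes. Suggest a short comment above the test, or a named macro, stating which term is the header size, which is the VWV size, and why 4 is subtracted from smb_size, and fix the spacing in `smb_size -4`. It is also worth confirming that the boundary is meant to be exclusive (`>` rather than `>=`), since this test now decides whether a chained request is refused with NT_STATUS_NOT_SUPPORTED.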