The Samba-Bugzilla – Attachment 8786 Details for
Bug 9811
Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.next.
0001-Fix-bug-9811-Old-DOS-SMB-CTEMP-request-uses-a-non-VF.patch (text/plain), 5.20 KB, created by
Jeremy Allison
on 2013-04-18 18:19:52 UTC
(
hide
)
Description:
git-am fix for 3.6.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2013-04-18 18:19:52 UTC
Size:
5.20 KB
patch
obsolete
>From e6be52880c30c370c85fb656b4146f57fc61685d Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 18 Apr 2013 11:19:20 -0700 >Subject: [PATCH] Fix bug 9811 - Old DOS SMB CTEMP request uses a non-VFS > function to access the filesystem. > >Fix bug in old create temp SMB request. Only use VFS functions. > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/smbd/reply.c | 117 +++++++++++++++++++++++++++----------------------- > 1 file changed, 64 insertions(+), 53 deletions(-) > >diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c >index 31f4e2f..a71596d 100644 >--- a/source3/smbd/reply.c >+++ b/source3/smbd/reply.c >@@ -2239,13 +2239,14 @@ void reply_ctemp(struct smb_request *req) > { > connection_struct *conn = req->conn; > struct smb_filename *smb_fname = NULL; >+ char *wire_name = NULL; > char *fname = NULL; > uint32 fattr; > files_struct *fsp; > int oplock_request; >- int tmpfd; > char *s; > NTSTATUS status; >+ int i; > TALLOC_CTX *ctx = talloc_tos(); > > START_PROFILE(SMBctemp); >@@ -2258,77 +2259,85 @@ void reply_ctemp(struct smb_request *req) > fattr = SVAL(req->vwv+0, 0); > oplock_request = CORE_OPLOCK_REQUEST(req->inbuf); > >- srvstr_get_path_req(ctx, req, &fname, (const char *)req->buf+1, >+ srvstr_get_path_req(ctx, req, &wire_name, (const char *)req->buf+1, > STR_TERMINATE, &status); > if (!NT_STATUS_IS_OK(status)) { > reply_nterror(req, status); > goto out; > } >- if (*fname) { >- fname = talloc_asprintf(ctx, >- "%s/TMXXXXXX", >- fname); >- } else { >- fname = talloc_strdup(ctx, "TMXXXXXX"); >- } > >- if (!fname) { >- reply_nterror(req, NT_STATUS_NO_MEMORY); >- goto out; >- } >+ for (i = 0; i < 10; i++) { >+ if (*wire_name) { >+ fname = talloc_asprintf(ctx, >+ "%s/TMP%s", >+ wire_name, >+ generate_random_str_list(ctx, 5, "0123456789")); >+ } else { >+ fname = talloc_asprintf(ctx, >+ "TMP%s", >+ generate_random_str_list(ctx, 5, "0123456789")); >+ } > >- status = filename_convert(ctx, conn, >+ if (!fname) { >+ reply_nterror(req, NT_STATUS_NO_MEMORY); >+ goto out; >+ } >+ >+ status = filename_convert(ctx, conn, > req->flags2 & FLAGS2_DFS_PATHNAMES, > fname, > 0, > NULL, > &smb_fname); >- if (!NT_STATUS_IS_OK(status)) { >- if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { >- reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, >+ if (!NT_STATUS_IS_OK(status)) { >+ if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { >+ reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, > ERRSRV, ERRbadpath); >+ goto out; >+ } >+ reply_nterror(req, status); > goto out; > } >- reply_nterror(req, status); >- goto out; >- } >- >- tmpfd = mkstemp(smb_fname->base_name); >- if (tmpfd == -1) { >- reply_nterror(req, map_nt_error_from_unix(errno)); >- goto out; >- } >- >- SMB_VFS_STAT(conn, smb_fname); >- >- /* We should fail if file does not exist. */ >- status = SMB_VFS_CREATE_FILE( >- conn, /* conn */ >- req, /* req */ >- 0, /* root_dir_fid */ >- smb_fname, /* fname */ >- FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */ >- FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ >- FILE_OPEN, /* create_disposition*/ >- 0, /* create_options */ >- fattr, /* file_attributes */ >- oplock_request, /* oplock_request */ >- 0, /* allocation_size */ >- 0, /* private_flags */ >- NULL, /* sd */ >- NULL, /* ea_list */ >- &fsp, /* result */ >- NULL); /* pinfo */ > >- /* close fd from mkstemp() */ >- close(tmpfd); >+ /* Create the file. */ >+ status = SMB_VFS_CREATE_FILE( >+ conn, /* conn */ >+ req, /* req */ >+ 0, /* root_dir_fid */ >+ smb_fname, /* fname */ >+ FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */ >+ FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ >+ FILE_CREATE, /* create_disposition*/ >+ 0, /* create_options */ >+ fattr, /* file_attributes */ >+ oplock_request, /* oplock_request */ >+ 0, /* allocation_size */ >+ 0, /* private_flags */ >+ NULL, /* sd */ >+ NULL, /* ea_list */ >+ &fsp, /* result */ >+ NULL); /* pinfo */ >+ >+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) { >+ TALLOC_FREE(fname); >+ continue; >+ } > >- if (!NT_STATUS_IS_OK(status)) { >- if (open_was_deferred(req->mid)) { >- /* We have re-scheduled this call. */ >+ if (!NT_STATUS_IS_OK(status)) { >+ if (open_was_deferred(req->mid)) { >+ /* We have re-scheduled this call. */ >+ goto out; >+ } >+ reply_openerror(req, status); > goto out; > } >- reply_openerror(req, status); >+ >+ break; >+ } >+ >+ if (i == 10) { >+ /* Collision after 10 times... */ >+ reply_nterror(req, status); > goto out; > } > >@@ -2369,6 +2378,8 @@ void reply_ctemp(struct smb_request *req) > fsp->fh->fd, (unsigned int)smb_fname->st.st_ex_mode)); > out: > TALLOC_FREE(smb_fname); >+ TALLOC_FREE(fname); >+ TALLOC_FREE(wire_name); > END_PROFILE(SMBctemp); > return; > } >-- >1.7.10.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
ddiss
:
review+
Actions:
View
Attachments on
bug 9811
:
8785
|
8786
|
8794
|
8795