Attachment 9792 Details for Bug 10422 – Patches for v4-1-test

[patch] Patches for v4-1-test

tmp41.diff (text/plain), 23.35 KB, created by Stefan Metzmacher on 2014-03-20 15:25:26 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2014-03-20 15:25:26 UTC

Size: 23.35 KB

patch

obsolete

>From 1bbff2413bbfe95dabf6c992ffdaa5dfbc03dec8 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 19 Feb 2014 13:54:44 +0100
>Subject: [PATCH 01/17] s3:utils/smbfilter: use a local variable for the
> packet buffer
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 3667a2eee388915fca2b894ae37375eeed46e941)
>---
> source3/utils/smbfilter.c |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
>index 33f1a90..734971b 100644
>--- a/source3/utils/smbfilter.c
>+++ b/source3/utils/smbfilter.c
>@@ -35,7 +35,6 @@
> #define CLI_CAPABILITY_SET  0
> 
> static char *netbiosname;
>-static char packet[BUFFER_SIZE];
> 
> static void save_file(const char *fname, void *ppacket, size_t length)
> {
>@@ -178,6 +177,7 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
> {
> 	NTSTATUS status;
> 	int s = -1;
>+	uint8_t packet[128*1024];
> 
> 	/* we have a connection from a new client, now connect to the server */
> 	status = open_socket_out(dest_ss, TCP_SMB_PORT, LONG_CONNECT_TIMEOUT, &s);
>-- 
>1.7.9.5
>
>
>From 36d0ea1da35f7ebebbd63ae9c61dcfc598989853 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 19 Feb 2014 13:56:06 +0100
>Subject: [PATCH 02/17] s3:torture: use CLI_BUFFER_SIZE instead of BUFFER_SIZE
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 05e821b220328b88dd9eece919b8adee3e4281ac)
>---
> source3/torture/torture.c |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/torture/torture.c b/source3/torture/torture.c
>index b7badc6..197f71f 100644
>--- a/source3/torture/torture.c
>+++ b/source3/torture/torture.c
>@@ -3087,7 +3087,7 @@ static bool run_randomipc(int dummy)
> 
> 		cli_api(cli, 
> 			param, param_len, 8,  
>-			NULL, 0, BUFFER_SIZE, 
>+			NULL, 0, CLI_BUFFER_SIZE,
> 			&rparam, &rprcnt,     
> 			&rdata, &rdrcnt);
> 		if (i % 100 == 0) {
>-- 
>1.7.9.5
>
>
>From fe178e2c22a8e13cbe76f23513426b8744c075b6 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 19 Feb 2014 13:57:28 +0100
>Subject: [PATCH 03/17] s3:client: only limit the buffer by the given length
> 'n'
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit f0f245f4c8b1a506e8d06c72d3d6680b95738714)
>---
> source3/client/client.c |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/client/client.c b/source3/client/client.c
>index afa5847..b4a3031 100644
>--- a/source3/client/client.c
>+++ b/source3/client/client.c
>@@ -232,7 +232,7 @@ static int readfile(uint8_t *b, int n, XFILE *f)
> 		return x_fread(b,1,n,f);
> 
> 	i = 0;
>-	while (i < (n - 1) && (i < BUFFER_SIZE)) {
>+	while (i < (n - 1)) {
> 		if ((c = x_getc(f)) == EOF) {
> 			break;
> 		}
>-- 
>1.7.9.5
>
>
>From f2ceb1975f9eedb7ac57b874f5508a1c30fb22a3 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 19 Feb 2014 13:59:07 +0100
>Subject: [PATCH 04/17] s3:param: avoid using BUFFER_SIZE to limit the
> lp_min_receive_file_size()
>
>There's really no reason to add such limit.
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 74f8c3568a5dcdee108a0526cefac9d282361044)
>---
> source3/param/loadparm.c |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
>index b9945ac..a339a1d 100644
>--- a/source3/param/loadparm.c
>+++ b/source3/param/loadparm.c
>@@ -5467,7 +5467,7 @@ int lp_min_receive_file_size(void)
> 	if (Globals.iminreceivefile < 0) {
> 		return 0;
> 	}
>-	return MIN(Globals.iminreceivefile, BUFFER_SIZE);
>+	return Globals.iminreceivefile;
> }
> 
> /*******************************************************************
>-- 
>1.7.9.5
>
>
>From dc7d5c5cb52788dafdb5ac0b4d0f987d74a1e2be Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 6 Dec 2013 13:28:35 +0100
>Subject: [PATCH 05/17] libcli/smb: add SMB_BUFFER_SIZE_MIN/MAX defines
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 900839e2216048a614f2f0aeb1f79092fc93334f)
>---
> libcli/smb/smb_constants.h |    8 ++++++++
> 1 file changed, 8 insertions(+)
>
>diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
>index 8a3ef72..175ffaf 100644
>--- a/libcli/smb/smb_constants.h
>+++ b/libcli/smb/smb_constants.h
>@@ -208,6 +208,14 @@ enum smb_signing_setting {
> #define NEGOTIATE_SECURITY_SIGNATURES_ENABLED	0x04
> #define NEGOTIATE_SECURITY_SIGNATURES_REQUIRED	0x08
> 
>+/*
>+ * The negotiated buffer size for non LARGE_READX/WRITEX
>+ * should be limited to uint16_t and has to be at least
>+ * 500, which is the default for MinClientBufferSize on Windows.
>+ */
>+#define SMB_BUFFER_SIZE_MIN 500
>+#define SMB_BUFFER_SIZE_MAX 65535
>+
> /* Capabilities.  see ftp.microsoft.com/developr/drg/cifs/cifs/cifs4.txt */
> 
> #define CAP_RAW_MODE		0x00000001
>-- 
>1.7.9.5
>
>
>From 007a46e314439a2443023de74e490cb196769712 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 6 Dec 2013 13:57:15 +0100
>Subject: [PATCH 06/17] s3:include: let CLI_BUFFER_SIZE be an alias of
> SMB_BUFFER_SIZE_MAX
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 7f3faa1f1837870195352253fe220e0677565d9e)
>---
> source3/include/client.h |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/include/client.h b/source3/include/client.h
>index 6c20843..3f92d6d 100644
>--- a/source3/include/client.h
>+++ b/source3/include/client.h
>@@ -22,7 +22,7 @@
> #ifndef _CLIENT_H
> #define _CLIENT_H
> 
>-#define CLI_BUFFER_SIZE (0xFFFF)
>+#define CLI_BUFFER_SIZE SMB_BUFFER_SIZE_MAX
> 
> /* default client timeout to 20 seconds on most commands */
> #define CLIENT_TIMEOUT (20 * 1000)
>-- 
>1.7.9.5
>
>
>From 6966c885ec1432e897cbc98171bf00abf1227434 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 6 Dec 2013 13:45:35 +0100
>Subject: [PATCH 07/17] s3:smbd: use SMB_BUFFER_SIZE_MIN/MAX to limit
> lp_max_xmit()
>
>The current limit of 128*1024 causes problems as the value has to be
><= UINT16_MAX otherwise some clients get confused, as they want to
>use the MaxBufferSize value from the negprot response (uint32_t)
>for the MaxBufferSize value in thet session setup request (uint16_t).
>E.g. Windows 7 (as client) sends MaxBufferSize = 0 if the server value
>is > UINT16_MAX.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit a349b0bef9085fd139640ec92399bc63d8029cb9)
>---
> source3/smbd/process.c |    7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
>diff --git a/source3/smbd/process.c b/source3/smbd/process.c
>index 48dbfa1..02a219e 100644
>--- a/source3/smbd/process.c
>+++ b/source3/smbd/process.c
>@@ -3367,6 +3367,7 @@ void smbd_process(struct tevent_context *ev_ctx,
> 	const char *remaddr = NULL;
> 	char *rhost;
> 	int ret;
>+	int tmp;
> 
> 	conn = talloc_zero(ev_ctx, struct smbXsrv_connection);
> 	if (conn == NULL) {
>@@ -3655,7 +3656,11 @@ void smbd_process(struct tevent_context *ev_ctx,
> 
> 	sconn->nbt.got_session = false;
> 
>-	sconn->smb1.negprot.max_recv = MIN(lp_max_xmit(),BUFFER_SIZE);
>+	tmp = lp_max_xmit();
>+	tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
>+	tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
>+
>+	sconn->smb1.negprot.max_recv = tmp;
> 
> 	sconn->smb1.sessions.done_sesssetup = false;
> 	sconn->smb1.sessions.max_send = BUFFER_SIZE;
>-- 
>1.7.9.5
>
>
>From c5efb3847fec7b58e9e7e1a11f13641ecdcd2422 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 6 Dec 2013 13:50:49 +0100
>Subject: [PATCH 08/17] s3:smbd: use sconn->smb1.sessions.max_send =
> SMB_BUFFER_SIZE_MAX
>
>SMB_BUFFER_SIZE_MAX is UINT16_MAX and the largest value a client
>can possibly specify in the session setup request.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 5cd5c1613996ecebdcd632e932957947f4c27308)
>---
> source3/smbd/process.c |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/smbd/process.c b/source3/smbd/process.c
>index 02a219e..50c41ea 100644
>--- a/source3/smbd/process.c
>+++ b/source3/smbd/process.c
>@@ -3663,7 +3663,7 @@ void smbd_process(struct tevent_context *ev_ctx,
> 	sconn->smb1.negprot.max_recv = tmp;
> 
> 	sconn->smb1.sessions.done_sesssetup = false;
>-	sconn->smb1.sessions.max_send = BUFFER_SIZE;
>+	sconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX;
> 
> 	if (!init_dptrs(sconn)) {
> 		exit_server("init_dptrs() failed");
>-- 
>1.7.9.5
>
>
>From a69a68b25ebb1b0aec2b8912186967c8a9a670da Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 6 Dec 2013 13:52:09 +0100
>Subject: [PATCH 09/17] s3:smbd: reject a MaxBufferSize < SMB_BUFFER_SIZE_MIN
> (500) in a session setup request
>
>This makes sure sconn->smb1.sessions.max_send is always >= SMB_BUFFER_SIZE_MIN.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit cce1eaea91088efd742891befdaafade0c1fdce6)
>---
> source3/smbd/sesssetup.c |   19 +++++++++++++------
> 1 file changed, 13 insertions(+), 6 deletions(-)
>
>diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
>index 4728759..5128328 100644
>--- a/source3/smbd/sesssetup.c
>+++ b/source3/smbd/sesssetup.c
>@@ -379,10 +379,13 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
> 		}
> 
> 		if (!sconn->smb1.sessions.done_sesssetup) {
>-			sconn->smb1.sessions.max_send =
>-				MIN(sconn->smb1.sessions.max_send,smb_bufsize);
>+			if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
>+				reply_force_doserror(req, ERRSRV, ERRerror);
>+				return;
>+			}
>+			sconn->smb1.sessions.max_send = smb_bufsize;
>+			sconn->smb1.sessions.done_sesssetup = true;
> 		}
>-		sconn->smb1.sessions.done_sesssetup = true;
> 
> 		/* current_user_info is changed on new vuid */
> 		reload_services(sconn, conn_snum_used, true);
>@@ -1084,10 +1087,14 @@ void reply_sesssetup_and_X(struct smb_request *req)
> 	req->vuid = sess_vuid;
> 
> 	if (!sconn->smb1.sessions.done_sesssetup) {
>-		sconn->smb1.sessions.max_send =
>-			MIN(sconn->smb1.sessions.max_send,smb_bufsize);
>+		if (smb_bufsize < SMB_BUFFER_SIZE_MIN) {
>+			reply_force_doserror(req, ERRSRV, ERRerror);
>+			END_PROFILE(SMBsesssetupX);
>+			return;
>+		}
>+		sconn->smb1.sessions.max_send = smb_bufsize;
>+		sconn->smb1.sessions.done_sesssetup = true;
> 	}
>-	sconn->smb1.sessions.done_sesssetup = true;
> 
> 	END_PROFILE(SMBsesssetupX);
> }
>-- 
>1.7.9.5
>
>
>From 330f6c4b9c13977c41bfaaf5fe96e5ce1d08c8f5 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 6 Dec 2013 13:53:45 +0100
>Subject: [PATCH 10/17] s3:smbd: take less than SMB_BUFFER_SIZE_MIN ('500') as
> header overhead in ipc.c
>
>We're now sure that sconn->smb1.sessions.max_send is >= SMB_BUFFER_SIZE_MIN.
>in order to garantee some progress we need to make sure our assumed
>header overhead is less than SMB_BUFFER_SIZE_MIN.
>
>Assuming 372 bytes for the SMBtrans headers should still be more than
>enough.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 2ec49cf57c88735be962b0681b487df5efe7ed6b)
>---
> source3/smbd/ipc.c |   10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
>diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
>index 91d5047..dbb259c 100644
>--- a/source3/smbd/ipc.c
>+++ b/source3/smbd/ipc.c
>@@ -109,12 +109,14 @@ void send_trans_reply(connection_struct *conn,
> 	int lparam = rparam ? rparam_len : 0;
> 	struct smbd_server_connection *sconn = req->sconn;
> 	int max_send = sconn->smb1.sessions.max_send;
>+	/* HACK: make sure we send at least 128 byte in one go */
>+	int hdr_overhead = SMB_BUFFER_SIZE_MIN - 128;
> 
> 	if (buffer_too_large)
> 		DEBUG(5,("send_trans_reply: buffer %d too large\n", ldata ));
> 
>-	this_lparam = MIN(lparam,max_send - 500); /* hack */
>-	this_ldata  = MIN(ldata,max_send - (500+this_lparam));
>+	this_lparam = MIN(lparam,max_send - hdr_overhead);
>+	this_ldata  = MIN(ldata,max_send - (hdr_overhead+this_lparam));
> 
> 	align = ((this_lparam)%4);
> 
>@@ -163,9 +165,9 @@ void send_trans_reply(connection_struct *conn,
> 	while (tot_data_sent < ldata || tot_param_sent < lparam)
> 	{
> 		this_lparam = MIN(lparam-tot_param_sent,
>-				  max_send - 500); /* hack */
>+				  max_send - hdr_overhead);
> 		this_ldata  = MIN(ldata -tot_data_sent,
>-				  max_send - (500+this_lparam));
>+				  max_send - (hdr_overhead+this_lparam));
> 
> 		if(this_lparam < 0)
> 			this_lparam = 0;
>-- 
>1.7.9.5
>
>
>From 077136406ea43e8f9688613d2810fcb898735c0f Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 4 Mar 2014 14:07:26 +0100
>Subject: [PATCH 11/17] s3:smbd: fix lockread numtoread calculation to match
> reply_outbuf() arguments.
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 3dac00b568613f5a1322883237e40b98ddd1d71d)
>---
> source3/smbd/reply.c |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
>index 6b926fb..35d42e8 100644
>--- a/source3/smbd/reply.c
>+++ b/source3/smbd/reply.c
>@@ -3500,7 +3500,7 @@ void reply_lockread(struct smb_request *req)
> 	numtoread = SVAL(req->vwv+1, 0);
> 	startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
> 
>-	numtoread = MIN(BUFFER_SIZE - (smb_size + 3*2 + 3), numtoread);
>+	numtoread = MIN(BUFFER_SIZE - (smb_size + 5*2 + 3), numtoread);
> 
> 	reply_outbuf(req, 5, numtoread + 3);
> 
>-- 
>1.7.9.5
>
>
>From ade554398c705df366e76ee9e499718bcc00e93d Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 4 Mar 2014 14:07:26 +0100
>Subject: [PATCH 12/17] s3:smbd: pass the final numtoread reply_outbuf() for
> the lockread reply.
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit b86f90611820bcf7826bd1de3c7b05488a8f1b0e)
>---
> source3/smbd/reply.c |    9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
>diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
>index 35d42e8..0ed5b51 100644
>--- a/source3/smbd/reply.c
>+++ b/source3/smbd/reply.c
>@@ -3502,10 +3502,6 @@ void reply_lockread(struct smb_request *req)
> 
> 	numtoread = MIN(BUFFER_SIZE - (smb_size + 5*2 + 3), numtoread);
> 
>-	reply_outbuf(req, 5, numtoread + 3);
>-
>-	data = smb_buf(req->outbuf) + 3;
>-
> 	/*
> 	 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
> 	 * protocol request that predates the read/write lock concept. 
>@@ -3544,6 +3540,11 @@ Returning short read of maximum allowed for compatibility with Windows 2000.\n",
> 			(unsigned int)sconn->smb1.negprot.max_recv));
> 		numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
> 	}
>+
>+	reply_outbuf(req, 5, numtoread + 3);
>+
>+	data = smb_buf(req->outbuf) + 3;
>+
> 	nread = read_file(fsp,data,startpos,numtoread);
> 
> 	if (nread < 0) {
>-- 
>1.7.9.5
>
>
>From b89ef8ab373be097ea309bbbf75e1e031204e32f Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 4 Mar 2014 14:07:26 +0100
>Subject: [PATCH 13/17] s3:smbd: fix the lockread numtoread calculation
> depending on the max_send.
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit f69be2c28e097c66907df264794706006fe0ae7f)
>---
> source3/smbd/reply.c |   18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
>diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
>index 0ed5b51..602eb16 100644
>--- a/source3/smbd/reply.c
>+++ b/source3/smbd/reply.c
>@@ -3470,6 +3470,7 @@ void reply_lockread(struct smb_request *req)
> 	char *data;
> 	off_t startpos;
> 	size_t numtoread;
>+	size_t maxtoread;
> 	NTSTATUS status;
> 	files_struct *fsp;
> 	struct byte_range_lock *br_lck = NULL;
>@@ -3500,14 +3501,12 @@ void reply_lockread(struct smb_request *req)
> 	numtoread = SVAL(req->vwv+1, 0);
> 	startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
> 
>-	numtoread = MIN(BUFFER_SIZE - (smb_size + 5*2 + 3), numtoread);
>-
> 	/*
> 	 * NB. Discovered by Menny Hamburger at Mainsoft. This is a core+
> 	 * protocol request that predates the read/write lock concept. 
> 	 * Thus instead of asking for a read lock here we need to ask
> 	 * for a write lock. JRA.
>-	 * Note that the requested lock size is unaffected by max_recv.
>+	 * Note that the requested lock size is unaffected by max_send.
> 	 */
> 
> 	br_lck = do_lock(req->sconn->msg_ctx,
>@@ -3530,15 +3529,16 @@ void reply_lockread(struct smb_request *req)
> 	}
> 
> 	/*
>-	 * However the requested READ size IS affected by max_recv. Insanity.... JRA.
>+	 * However the requested READ size IS affected by max_send. Insanity.... JRA.
> 	 */
>+	maxtoread = sconn->smb1.sessions.max_send - (smb_size + 5*2 + 3);
> 
>-	if (numtoread > sconn->smb1.negprot.max_recv) {
>-		DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u). \
>+	if (numtoread > maxtoread) {
>+		DEBUG(0,("reply_lockread: requested read size (%u) is greater than maximum allowed (%u/%u). \
> Returning short read of maximum allowed for compatibility with Windows 2000.\n",
>-			(unsigned int)numtoread,
>-			(unsigned int)sconn->smb1.negprot.max_recv));
>-		numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
>+			(unsigned int)numtoread, (unsigned int)maxtoread,
>+			(unsigned int)sconn->smb1.sessions.max_send));
>+		numtoread = maxtoread;
> 	}
> 
> 	reply_outbuf(req, 5, numtoread + 3);
>-- 
>1.7.9.5
>
>
>From 62135f8463a08dcb320d3648d01fd02c38786162 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 4 Mar 2014 14:07:26 +0100
>Subject: [PATCH 14/17] s3:smbd: fix the read numtoread calculation depending
> on the max_send.
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 8b746f5a2137b74e28bce5370f5aa9d4bcdac6c2)
>---
> source3/smbd/reply.c |   18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
>diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
>index 602eb16..5b4c20d 100644
>--- a/source3/smbd/reply.c
>+++ b/source3/smbd/reply.c
>@@ -3579,10 +3579,10 @@ void reply_read(struct smb_request *req)
> {
> 	connection_struct *conn = req->conn;
> 	size_t numtoread;
>+	size_t maxtoread;
> 	ssize_t nread = 0;
> 	char *data;
> 	off_t startpos;
>-	int outsize = 0;
> 	files_struct *fsp;
> 	struct lock_struct lock;
> 	struct smbd_server_connection *sconn = req->sconn;
>@@ -3611,17 +3611,17 @@ void reply_read(struct smb_request *req)
> 	numtoread = SVAL(req->vwv+1, 0);
> 	startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
> 
>-	numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
>-
> 	/*
>-	 * The requested read size cannot be greater than max_recv. JRA.
>+	 * The requested read size cannot be greater than max_send. JRA.
> 	 */
>-	if (numtoread > sconn->smb1.negprot.max_recv) {
>-		DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u). \
>+	maxtoread = sconn->smb1.sessions.max_send - (smb_size + 5*2 + 3);
>+
>+	if (numtoread > maxtoread) {
>+		DEBUG(0,("reply_read: requested read size (%u) is greater than maximum allowed (%u/%u). \
> Returning short read of maximum allowed for compatibility with Windows 2000.\n",
>-			(unsigned int)numtoread,
>-			(unsigned int)sconn->smb1.negprot.max_recv));
>-		numtoread = MIN(numtoread, sconn->smb1.negprot.max_recv);
>+			(unsigned int)numtoread, (unsigned int)maxtoread,
>+			(unsigned int)sconn->smb1.sessions.max_send));
>+		numtoread = maxtoread;
> 	}
> 
> 	reply_outbuf(req, 5, numtoread+3);
>-- 
>1.7.9.5
>
>
>From 1baad40437cf2e7e389430ba160277582335c7af Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 5 Mar 2014 14:00:40 +0100
>Subject: [PATCH 15/17] s3:smbd: simplify maxentries calculation in
> reply_search()
>
>Using helper variables make it much easier to understand.
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 734e1b65044a33eba01b41695502c2257c1a4d9e)
>---
> source3/smbd/reply.c |    9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
>diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
>index 5b4c20d..7555417 100644
>--- a/source3/smbd/reply.c
>+++ b/source3/smbd/reply.c
>@@ -1698,11 +1698,10 @@ void reply_search(struct smb_request *req)
> 		}
> 	} else {
> 		unsigned int i;
>-		maxentries = MIN(
>-			maxentries,
>-			((BUFFER_SIZE -
>-			  ((uint8 *)smb_buf(req->outbuf) + 3 - req->outbuf))
>-			 /DIR_STRUCT_SIZE));
>+		size_t hdr_size = ((uint8_t *)smb_buf(req->outbuf) + 3 - req->outbuf);
>+		size_t available_space = BUFFER_SIZE - hdr_size;
>+
>+		maxentries = MIN(maxentries, available_space/DIR_STRUCT_SIZE);
> 
> 		DEBUG(8,("dirpath=<%s> dontdescend=<%s>\n",
> 			 directory,lp_dontdescend(ctx, SNUM(conn))));
>-- 
>1.7.9.5
>
>
>From 26c7b1061ad983c69e93944f4e3a6348ad3ea4fa Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 5 Mar 2014 14:03:42 +0100
>Subject: [PATCH 16/17] s3:smbd: fix the maxentries calculation depending on
> the max_send.
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit c899d4fd9c5a337ab82acdf11866df50fb0629e0)
>---
> source3/smbd/reply.c |    2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
>index 7555417..055efd3 100644
>--- a/source3/smbd/reply.c
>+++ b/source3/smbd/reply.c
>@@ -1699,7 +1699,7 @@ void reply_search(struct smb_request *req)
> 	} else {
> 		unsigned int i;
> 		size_t hdr_size = ((uint8_t *)smb_buf(req->outbuf) + 3 - req->outbuf);
>-		size_t available_space = BUFFER_SIZE - hdr_size;
>+		size_t available_space = sconn->smb1.sessions.max_send - hdr_size;
> 
> 		maxentries = MIN(maxentries, available_space/DIR_STRUCT_SIZE);
> 
>-- 
>1.7.9.5
>
>
>From 56f3fe64bd327aacecf5a92ac4357d0e04ff429e Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Fri, 6 Dec 2013 13:56:12 +0100
>Subject: [PATCH 17/17] s3:smbd: s/BUFFER_SIZE/LARGE_WRITEX_BUFFER_SIZE
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>
>Autobuild-User(master): Jeremy Allison <jra@samba.org>
>Autobuild-Date(master): Wed Mar  5 22:53:34 CET 2014 on sn-devel-104
>(cherry picked from commit 032621d5bf842e60dc9cd1cd0d3acc90482462a6)
>---
> source3/include/smb.h  |    4 +---
> source3/smbd/process.c |    2 +-
> 2 files changed, 2 insertions(+), 4 deletions(-)
>
>diff --git a/source3/include/smb.h b/source3/include/smb.h
>index 64ea568..7ff997e 100644
>--- a/source3/include/smb.h
>+++ b/source3/include/smb.h
>@@ -32,11 +32,9 @@
> /* logged when starting the various Samba daemons */
> #define COPYRIGHT_STARTUP_MESSAGE	"Copyright Andrew Tridgell and the Samba Team 1992-2013"
> 
>-
>-#define BUFFER_SIZE (128*1024)
>-
> #define SAFETY_MARGIN 1024
> #define LARGE_WRITEX_HDR_SIZE 65
>+#define LARGE_WRITEX_BUFFER_SIZE (128*1024)
> 
> #define NMB_PORT 137
> #define DGRAM_PORT 138
>diff --git a/source3/smbd/process.c b/source3/smbd/process.c
>index 50c41ea..45bde2f 100644
>--- a/source3/smbd/process.c
>+++ b/source3/smbd/process.c
>@@ -244,7 +244,7 @@ static bool valid_packet_size(size_t len)
> 	 * of header. Don't print the error if this fits.... JRA.
> 	 */
> 
>-	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
>+	if (len > (LARGE_WRITEX_BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
> 		DEBUG(0,("Invalid packet length! (%lu bytes).\n",
> 					(unsigned long)len));
> 		return false;
>-- 
>1.7.9.5
>

Flags:

jra: review+

Actions: View

Attachments on bug 10422: 9673 | 9690 | 9691 | 9698 | 9792 | 9793