Bug 10544 - s3-lib/util: set_namearray reads across end of namelist string
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assigned To: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2014-04-08 11:02 UTC by Björn Baumbach
Modified: 2014-10-13 10:52 UTC (History)
Attachments
git-am fix for master. (1.64 KB, patch)
2014-04-08 19:45 UTC, Jeremy Allison
Additional git-am fix for master. (2.06 KB, patch)
2014-04-08 19:46 UTC, Jeremy Allison

Description Björn Baumbach 2014-04-08 11:02:17 UTC
If the namelist, which set_namearray receives, is not terminated with a
'/', we try to read the next character behind the string termination '\0'.
In the case that the namelist is followed by a (more or less) valid
string, we could produce several effects like unintentionally vetoed,
hidden or non-oplocked files or failures like:
"Conversion error: Incomplete multibyte sequence(..."


Sent patch to samba-technical for discussion.
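
The over-read described in this report, as an added example that is not Samba's code and not part of the original report: a simplified '/'-separated entry counter in the flawed form and in a bounded form. The function names and the sample buffer are constructed for illustration, and plain `strchr` is assumed as the separator search.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: a namelist with no trailing '/', followed in the same
 * array by unrelated data, so the over-read stays inside memory we own. */
static const char adjacent[] = "*.tmp/secret\0*.doc/*.xls/";

/* Flawed pattern: after the last entry, name_end sits on the '\0' and
 * name_end + 1 steps past the terminator into whatever follows. */
static size_t count_entries_overread(const char *nameptr)
{
    size_t n = 0;
    while (*nameptr) {
        if (*nameptr == '/') { nameptr++; continue; }  /* skip extra '/' */
        const char *name_end = strchr(nameptr, '/');
        if (name_end == NULL)
            name_end = nameptr + strlen(nameptr);       /* points at '\0' */
        nameptr = name_end + 1;  /* BUG: skips '\0' when no '/' was found */
        n++;
    }
    return n;
}

/* Bounded form: only step over a separator that is actually present. */
static size_t count_entries_bounded(const char *nameptr)
{
    size_t n = 0;
    while (*nameptr) {
        if (*nameptr == '/') { nameptr++; continue; }
        const char *name_end = strchr(nameptr, '/');
        n++;
        if (name_end == NULL)
            break;               /* last entry, no trailing '/': stop here */
        nameptr = name_end + 1;
    }
    return n;
}

int main(void)
{
    /* The flawed counter also picks up the entries behind the '\0'. */
    printf("over-read: %zu entries, bounded: %zu entries\n",
           count_entries_overread(adjacent), count_entries_bounded(adjacent));
    return 0;
}
```

With a trailing '/' on the list both functions agree, which is why the defect only shows up for unterminated namelists.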
Comment 1 Jeremy Allison 2014-04-08 19:45:12 UTC
Created attachment 9837
git-am fix for master.

Patch that went into master.
Comment 2 Jeremy Allison 2014-04-08 19:46:36 UTC
Created attachment 9838
Additional git-am fix for master.

This additional patch isn't necessary, but cleans up the internal logic of the while loops so they are correct.

Jeremy.
Comment 3 Jeremy Allison 2014-04-08 19:53:55 UTC
Both patchsets apply cleanly to 4.0.next and 4.1.next.

Jeremy.
Comment 4 Michael Adam 2014-04-08 21:14:31 UTC
Comment on attachment 9837
git-am fix for master.

ACK for 4.1 and 4.0
Comment 5 Jeremy Allison 2014-04-08 21:16:17 UTC
Michael, can you look at the logic fix also? I'm a fan of making this code utterly robust (belt and braces :-).

Jeremy.
Comment 6 Michael Adam 2014-04-08 21:40:46 UTC
(In reply to comment #5)
> Michael, can you look at the logic fix also? I'm a fan of making this code
> utterly robust (belt and braces :-).
> 
> Jeremy.

I am currently looking at the patch.
I will review+push to master once I am confident.
I am not certain yet, that this improvement should
go into the bugfix releases.

Cheers - Michael
Comment 7 Jeremy Allison 2014-04-08 21:45:57 UTC
Ah fair enough. I'm happy if you just push to master then :-).

Jeremy.
Comment 8 Jeremy Allison 2014-04-08 21:55:23 UTC
Re-assigning to Karolin to push to 4.1.next and 4.0.next.
Jeremy.
Comment 9 Michael Adam 2014-04-11 12:28:19 UTC
(In reply to comment #8)
> Re-assigning to Karolin to push to 4.1.next and 4.0.next.
> Jeremy.

Do we need to clarify what exactly to bring to 4.X.next?

Björn's original patch went into master as
8f46b130c5c796d66d26982f5cd99c52f7c8ece1

And Jeremy's on-top patch went into master with minor
update by me (compared to the attached version) as
4f59580331b934b183c3344da57f2002d88d4512

Do we pick both? I am OK with both.

Michael
Comment 10 Michael Adam 2014-04-11 12:29:01 UTC
Comment on attachment 9837
git-am fix for master.

superseded by master patch 8f46b130c5c796d66d26982f5cd99c52f7c8ece1
Comment 11 Michael Adam 2014-04-11 12:29:23 UTC
Comment on attachment 9838
Additional git-am fix for master.

superseded by master patch 4f59580331b934b183c3344da57f2002d88d4512
Comment 12 Karolin Seeger 2014-04-29 08:21:54 UTC
Pushed both patches to autobuild-[v4-1|4-0]-test.
Comment 13 Karolin Seeger 2014-05-19 09:02:00 UTC
(In reply to comment #12)
> Pushed both patches to autobuild-[v4-1|4-0]-test.

Pushed to both branches.
Closing out bug report.

Thanks!