14223 – Floating point exception in vfs_fruit.c

Bug 14223 - Floating point exception in vfs_fruit.c

Summary: Floating point exception in vfs_fruit.c

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	VFS Modules (show other bugs)
Version:	4.11.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Ralph Böhme
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-12-22 08:19 UTC by Felix J. Ogris
Modified:	2020-11-17 21:07 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
patch for vfs_fruit.c of 4.11.4 (500 bytes, patch) 2019-12-22 08:19 UTC, Felix J. Ogris	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix J. Ogris 2019-12-22 08:19:15 UTC

Created attachment 15720 [details]
patch for vfs_fruit.c of 4.11.4

vfs_fruit.c of Samba 4.10 and 4.11 divide by zero in fruit_tmsize_do_dirent() if you create a fresh time machine backup in an empty directory which contains no bands yet. Around line 6974:

if (bandsize > SIZE_MAX/nbands) {

Trivial patch is attached.
smbd in debug mode (eg. smbd -S -F -i -d 10 -s /usr/local/etc/smb4.conf) was very helpful finding this one.

Comment 1 Sam Vaughan 2020-11-17 21:06:52 UTC

I encountered this issue on FreeBSD 12.1 running Samba 4.11.11.  Creating a new Time Machine backup to a Samba share crashes samba with a floating point division by zero error.

I added Felix's patch to the existing patch set and rebuilt the samba411 port and now it works fine.

As Felix mentioned, the patch is trivial and the bug is obvious in the source code.  This issue has been here for nearly a year now.  Can the patch please be applied to vfs_fruit.c?

Thank you!

Sam

Comment 2 Ralph Böhme 2020-11-17 21:07:57 UTC

I'll take a look tomorrow.