Bug 4512 - string overflow share name length greater than 32 characters
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.23c
Hardware: All Linux
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2007-04-15 22:47 UTC by Mauricio Silveira
Modified: 2007-04-16 17:44 UTC (History)
Attachments
Patch (3.11 KB, patch)
2007-04-16 14:12 UTC, Jeremy Allison

Description Mauricio Silveira 2007-04-15 22:47:29 UTC
Found a bug, I guess.

Windows Machines are able to export share name with lengths greater than 32 chars, samba isn't.

Reproduce:
1.) Create a share, say: [1234567890123456789012345678901234567890]
2.) On a windows machine, use net use X: "\\SERVERNAME\1234567890123456789012345678901234567890"
3.) Enter X: through Explorer, right click and you'll see the only item is "Folder".
4.) Files/Folder Names now follow the old DOS filename/extension rules. Except that you can open files greater than 8.3 format, change, overwrite...
5.) Try to copy a file with name greater than the 8.3 format and a "Select File Name" box will show up

Windows 98 amazingly handles this, the bug doesn't show up, it is able to show the whole "Create New" menu items well.

If you export a 60-chars length share from a Windows XP box to another, the map goes well, as well as a XP->98 mapping...

This leads me to a (possible) conclusion: SAMBA might have something related to this mis-implemented. It is possible that what is not implemented/incorrectly implemented might not affect w9x because w9x simply might not use it.

I just don't know if this affects w2k, w2k3, vista...

Here's the log output (loglevel=4)
[2007/04/16 00:43:25, 0] lib/util_str.c:safe_strcpy_fn(603)
  ERROR: string overflow by 1 (24 - 23) in safe_strcpy [123456789012345678901234567890123456789012345]

Cutting the share name down to 23 chars returns no error in log, 24+ returns the error

PS: I'm using Windows XP SP2.

My system is a linux Slackware with default samba 3.0.23c, kernel 2.6.20.6

It's been reproduced with other machines/kernel versions with the same Slackware 11 + stock 3.0.23c samba version.

Hope this helps and is easily solved
Comment 1 Jeremy Allison 2007-04-16 13:08:51 UTC
The problem is Samba stuffing the sharename into the volume label field.
I have a fix for this - should be in 3.0.25.
Jeremy.
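
The log line in the description reports an overflow of only 1 (24 - 23) for a 45-character share name, which is what a bounded copy prints when it measures the source no further than one byte past the limit. The sketch below is an added example, not Samba's code or the attached patch: `bounded_copy`, `set_volume_label` and `LABEL_MAX` are hypothetical names, and the 23-byte limit is taken from the log.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical field size: the log on this page reports a 23-character limit. */
#define LABEL_MAX 23

/*
 * Bounded copy: dest must hold maxlength + 1 bytes and is always NUL-terminated.
 * The source is measured only up to maxlength + 1 bytes, so the returned
 * overflow is capped at 1 no matter how long the source really is.
 */
static size_t bounded_copy(char *dest, const char *src, size_t maxlength)
{
    size_t len = 0;
    size_t over = 0;

    while (len <= maxlength && src[len] != '\0')
        len++;                      /* stops at maxlength + 1 at most */

    if (len > maxlength) {
        over = len - maxlength;
        fprintf(stderr, "ERROR: string overflow by %lu (%lu - %lu) [%.50s]\n",
                (unsigned long)over, (unsigned long)len,
                (unsigned long)maxlength, src);
        len = maxlength;            /* truncate instead of writing past dest */
    }
    memcpy(dest, src, len);
    dest[len] = '\0';
    return over;
}

/* Fill a volume-label-sized field from a share name; returns the overflow. */
static size_t set_volume_label(char label[LABEL_MAX + 1], const char *share)
{
    return bounded_copy(label, share, LABEL_MAX);
}

int main(void)
{
    char label[LABEL_MAX + 1];
    /* Constructed inputs: the 45-character name from the log, then 23 characters. */
    const char *names[] = { "123456789012345678901234567890123456789012345",
                            "12345678901234567890123" };
    for (size_t i = 0; i < 2; i++) {
        size_t over = set_volume_label(label, names[i]);
        printf("%zu-char share -> label \"%s\" (overflow %zu)\n",
               strlen(names[i]), label, over);
    }
    return 0;
}
```

The copy itself stays in bounds; what the client receives is a truncated label, so a field like this needs its own length handling rather than the full share name.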
Comment 2 Jeremy Allison 2007-04-16 14:12:18 UTC
Created attachment 2390
Patch
Comment 3 Jeremy Allison 2007-04-16 14:12:32 UTC
Fixed for 3.0.25rc2.
Jeremy.
Comment 4 Mauricio Silveira 2007-04-16 17:44:23 UTC
Perfect, I have applied these changes into the 3.0.23c version and it works flawlessly. It might solve some problems with win98 too...

CASE: I have a client with long share names and 4 win98 + 4 winxp machines... (really small business)

The xp machines had the problem reported here, and w98 presents problems reading files with MS-word (And MS Word only!), the program crashes, other extensions such as ppt, xls the Office suite handled well.

If I'm not wrong, 2 of the w98 stations are crashing with .doc files.
I'll update the file server with this patch applied to samba and watch what happens. Any results I'll post here.

Mauricio