Bug 5860 - "string overflow in safe_strcpy" if "mangled names = no"
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: File services
Version: 3.2.4
Hardware: Sparc Solaris
Importance: P3 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Reported: 2008-10-30 08:29 UTC by Robert Dahlem
Modified: 2008-11-02 11:21 UTC

level 10 smbd.log (321.17 KB, application/octet-stream)
2008-10-30 08:33 UTC, Robert Dahlem
tcpdump for the bug (62.75 KB, application/octet-stream)
2008-10-30 08:34 UTC, Robert Dahlem
proposed patch (797 bytes, patch)
2008-11-02 03:27 UTC, Volker Lendecke

Description Robert Dahlem 2008-10-30 08:29:23 UTC
message "ERROR: string overflow by 1 (13 - 12) in safe_strcpy" keeps coming up.

The client is Windows XP Professional SP2 (32 bit), 5.01.2600.

The bug depends on "mangled names = no".

I followed it:
    name_to_8_3(mask, mangled_name, True, conn->params);
    if (!lp_manglednames(p)) {

In this case "mask" contains a long filename, so "in" is greater than 12.
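
The numbers in the reported message can be read off a bounded copy into a 13-byte 8.3 buffer: a 13-character name against a 12-character limit overflows by 1. The following is an added example, not Samba's code and not the attached patch; `bounded_copy`, `copy_unchecked`, `copy_checked` and the sample file name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_8_3_MAX 12 /* "XXXXXXXX.XXX", terminator not counted */

static unsigned overflow_reports; /* one per log line emitted */

/* Hypothetical stand-in, not Samba's safe_strcpy: copies at most maxlength
 * characters, always terminates, and reports when src was longer. */
static size_t bounded_copy(char *dest, const char *src, size_t maxlength)
{
    size_t len = strlen(src);
    if (len > maxlength) {
        overflow_reports++;
        fprintf(stderr, "ERROR: string overflow by %zu (%zu - %zu)\n",
                len - maxlength, len, maxlength);
        len = maxlength; /* truncate instead of writing past dest */
    }
    memcpy(dest, src, len);
    dest[len] = '\0';
    return len;
}

/* Copies unconditionally: every long name costs one log line. */
static void copy_unchecked(char out[NAME_8_3_MAX + 1], const char *name)
{
    bounded_copy(out, name, NAME_8_3_MAX);
}

/* Checks the length first: long names are skipped and nothing is logged.
 * Returns 1 if the name fit, 0 otherwise. */
static int copy_checked(char out[NAME_8_3_MAX + 1], const char *name)
{
    if (strlen(name) > NAME_8_3_MAX) {
        out[0] = '\0';
        return 0;
    }
    bounded_copy(out, name, NAME_8_3_MAX);
    return 1;
}

int main(void)
{
    char out[NAME_8_3_MAX + 1];
    const char *name = "quarterly.txt"; /* constructed sample, 13 characters */

    copy_unchecked(out, name);
    printf("unchecked: \"%s\", reports=%u\n", out, overflow_reports);
    printf("checked: fit=%d, reports=%u\n", copy_checked(out, name), overflow_reports);
    return 0;
}
```

The copy itself stays inside the buffer in both callers; the difference is only whether each long name produces a log line.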
Comment 1 Robert Dahlem 2008-10-30 08:33:21 UTC
Created attachment 3699
level 10 smbd.log
Comment 2 Robert Dahlem 2008-10-30 08:34:07 UTC
Created attachment 3700
tcpdump for the bug
Comment 3 Robert Dahlem 2008-11-02 02:57:26 UTC
This came in with revision 25009.

Comment was:
Large patch discussed with Volker. Move unix_convert to a talloc-based interface. More development will come on top of this. Remove the "mangled map" parameter. Jeremy.

Comment 4 Volker Lendecke 2008-11-02 03:03:59 UTC
Looking at that piece of code tells me that the error message is annoying but no real functional problem. Is that right?

Comment 5 Robert Dahlem 2008-11-02 03:12:59 UTC
Indeed, no errors popped up so far.

But: "no real functional problem" is kind of an elastic term. :-)
5 users browsing through some directories gives you literally hundreds of log entries per second. Can't put that into production.
Comment 6 Volker Lendecke 2008-11-02 03:27:35 UTC
Created attachment 3705
proposed patch

Can you try the attached patch?


Comment 7 Robert Dahlem 2008-11-02 03:38:49 UTC
And gone the problem is. Thx!
Comment 8 Volker Lendecke 2008-11-02 03:42:26 UTC
Pushed upstream.

Thanks for the feedback,

Comment 9 Jeremy Allison 2008-11-02 11:21:50 UTC
Thanks for taking care of it Volker, that change would have been my suggestion too :-).