Created attachment 6305 [details] 0001-s3-Attempt-to-fix-bug-8016-gpfs_get_xattr-broken.patch gpfs_get_xattr() prints DOS attributes as a string into a buffer. It then returns the buffer size passed by the caller instead of the string length, which eventually leads to ndr_pull_struct_blob() reading past the end of the string. This bug is already fixed in branch "v3-6-stable". However, it would be nice if it were fixed in the next 3.5 release.
On Wed, Mar 16, 2011 at 12:44:10PM +0100, samba-bugs@samba.org wrote: > gpfs_get_xattr() prints DOS attributes as a string into a buffer. > It then returns the buffer size passed by the caller instead of the > string length, which eventually leads to ndr_pull_struct_blob() reading > past the end of the string. Can you try the attached patch? I don't have the environment handy right now, so this isn't even compiled. Please report success or failure. Volker
It works (tested on AIX 5.3 with GPFS 3.4.0.4). Thanks!
Comment on attachment 6305 [details] 0001-s3-Attempt-to-fix-bug-8016-gpfs_get_xattr-broken.patch Looks good
Karolin, please pick for the next 3.5 release
Pushed to v3-5-test. Closing out bug report. Thanks!