The branch, v3-0-test has been updated
       via  183eea4909d6678ac382eac16a5873a1fa3fd065 (commit)
      from  14ecfecbdf3e631f87d83337e06060724deb7756 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit 183eea4909d6678ac382eac16a5873a1fa3fd065
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date:   Fri Nov 16 13:12:51 2007 -0800

    Fix smbfs to not trigger our paranoid checker.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/negprot.c |    2 +-
 source/smbd/reply.c   |    8 ++++----
 source/smbd/srvstr.c  |   13 +++----------
 source/smbd/trans2.c  |   40 ++++++++++++++++++++--------------------
 4 files changed, 28 insertions(+), 35 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/negprot.c b/source/smbd/negprot.c
index bc7c75a..a84def0 100644
--- a/source/smbd/negprot.c
+++ b/source/smbd/negprot.c
@@ -346,7 +346,7 @@ static int reply_nt1(char *inbuf, char *outbuf)
                        SCVAL(outbuf,smb_vwv16+1,8);
                        p += 8;
                }
-               p += srvstr_push(outbuf, p, lp_workgroup(), -1, 
+               p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - 
(p-outbuf), 
                                 STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
                DEBUG(3,("not using SPNEGO\n"));
        } else {
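Review bot: The bound passed here, `BUFFER_SIZE - (p-outbuf)`, is tied to the buffer allocation rather than the negotiated send limit, whereas the code this commit removes from srvstr.c capped an unbounded push at `max_send - buf_used`. If max_send can be smaller than BUFFER_SIZE, this call and the four in reply.c (reply_tcon_and_X, reply_ctemp) now allow a longer string than the old path did. The strings involved are short, so this is probably harmless, but a comment such as `/* outbuf is BUFFER_SIZE bytes; bound by the allocation, not max_send */` would record the assumption. reply_nt1 starts and ends outside the hunk, so the actual size of outbuf could not be confirmed from here.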
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 55f62a2..54bf888 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -524,7 +524,7 @@ int reply_tcon_and_X(connection_struct *conn, char 
*inbuf,char *outbuf,int lengt
        if (Protocol < PROTOCOL_NT1) {
                set_message(outbuf,2,0,True);
                p = smb_buf(outbuf);
-               p += srvstr_push(outbuf, p, server_devicetype, -1, 
+               p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p 
- outbuf),
                                 STR_TERMINATE|STR_ASCII);
                set_message_end(outbuf,p);
        } else {
@@ -554,9 +554,9 @@ int reply_tcon_and_X(connection_struct *conn, char 
*inbuf,char *outbuf,int lengt
                }
 
                p = smb_buf(outbuf);
-               p += srvstr_push(outbuf, p, server_devicetype, -1, 
+               p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p 
- outbuf),
                                 STR_TERMINATE|STR_ASCII);
-               p += srvstr_push(outbuf, p, fstype, -1, 
+               p += srvstr_push(outbuf, p, fstype, BUFFER_SIZE - (p - outbuf),
                                 STR_TERMINATE);
                
                set_message_end(outbuf,p);
@@ -1766,7 +1766,7 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char 
*outbuf, int dum_size,
           thing in the byte section. JRA */
        SSVALS(p, 0, -1); /* what is this? not in spec */
 #endif
-       namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
+       namelen = srvstr_push(outbuf, p, s, BUFFER_SIZE - (p - outbuf), 
STR_ASCII|STR_TERMINATE);
        p += namelen;
        outsize = set_message_end(outbuf, p);
 
diff --git a/source/smbd/srvstr.c b/source/smbd/srvstr.c
index 409fd30..7dc2567 100644
--- a/source/smbd/srvstr.c
+++ b/source/smbd/srvstr.c
@@ -28,17 +28,10 @@ size_t srvstr_push_fn(const char *function, unsigned int 
line,
                      const char *base_ptr, void *dest, 
                      const char *src, int dest_len, int flags)
 {
-       size_t buf_used = PTR_DIFF(dest, base_ptr);
-       if (dest_len == -1) {
-               if (((ptrdiff_t)dest < (ptrdiff_t)base_ptr) || (buf_used > 
(size_t)max_send)) {
-#if 0
-                       DEBUG(0, ("Pushing string of 'unlimited' length into 
non-SMB buffer!\n"));
-#endif
-                       return push_string_fn(function, line, base_ptr, dest, 
src, -1, flags);
-               }
-               return push_string_fn(function, line, base_ptr, dest, src, 
max_send - buf_used, flags);
+       if (dest_len < 0) {
+               return 0;
        }
-       
+
        /* 'normal' push into size-specified buffer */
        return push_string_fn(function, line, base_ptr, dest, src, dest_len, 
flags);
 }
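Review bot: The new `if (dest_len < 0) return 0;` guard drops the string silently, so a caller whose remaining-space arithmetic has gone negative gets no trace of having overrun its buffer. The call sites in trans2.c store the returned length and keep writing after it (for example `SIVAL(p,0,0)` following `p += len`), so a zero return does not stop later writes past the end. Since `function` and `line` are already parameters, the guard could log before returning: `DEBUG(0, ("srvstr_push: negative dest_len %d from %s:%u\n", dest_len, function, line));`. A header comment stating that dest_len is the number of bytes available at dest, and that a negative value is treated as a caller error returning 0, would also help now that -1 no longer means "unlimited".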
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index b2ce5b8..4b62343 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -1283,7 +1283,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                        p += 23;
                        nameptr = p;
                        p += align_string(outbuf, p, 0);
-                       len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);
+                       len = srvstr_push(outbuf, p, fname, space_remaining - 
(p - pdata), STR_TERMINATE);
                        if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
                                if (len > 2) {
                                        SCVAL(nameptr, -1, len - 2);
@@ -1318,7 +1318,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                        }
                        p += 27;
                        nameptr = p - 1;
-                       len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE | 
STR_NOALIGN);
+                       len = srvstr_push(outbuf, p, fname, space_remaining - 
(p - pdata), STR_TERMINATE | STR_NOALIGN);
                        if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
                                if (len > 2) {
                                        len -= 2;
@@ -1372,9 +1372,9 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                        }
 
                        /* Push the ea_data followed by the name. */
-                       p += fill_ea_buffer(ea_ctx, p, space_remaining, conn, 
name_list);
+                       p += fill_ea_buffer(ea_ctx, p, space_remaining - (p - 
pdata), conn, name_list);
                        nameptr = p;
-                       len = srvstr_push(outbuf, p + 1, fname, -1, 
STR_TERMINATE | STR_NOALIGN);
+                       len = srvstr_push(outbuf, p + 1, fname, space_remaining 
- (p - pdata), STR_TERMINATE | STR_NOALIGN);
                        if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
                                if (len > 2) {
                                        len -= 2;
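Review bot: The name is pushed to `p + 1`, but the length is computed from `p`, so `space_remaining - (p - pdata)` is one byte larger than the room left at the destination; it should read `space_remaining - (p + 1 - pdata)`. The later hunk at -1452 has the same mismatch with a four-byte offset (`srvstr_push(outbuf, p + 4, fname, space_remaining - (p - pdata), ...)`), which should use `space_remaining - (p + 4 - pdata)`. Both bounds also assume space_remaining counts from pdata, which is set outside these hunks. get_lanman2_dir_entry starts and ends outside the hunk.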
@@ -1431,7 +1431,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                                memset(p,'\0',26);
                        }
                        p += 2 + 24;
-                       len = srvstr_push(outbuf, p, fname, -1, 
STR_TERMINATE_ASCII);
+                       len = srvstr_push(outbuf, p, fname, space_remaining - 
(p - pdata), STR_TERMINATE_ASCII);
                        SIVAL(q,0,len);
                        p += len;
                        SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1452,7 +1452,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                        SOFF_T(p,0,file_size); p += 8;
                        SOFF_T(p,0,allocation_size); p += 8;
                        SIVAL(p,0,nt_extmode); p += 4;
-                       len = srvstr_push(outbuf, p + 4, fname, -1, 
STR_TERMINATE_ASCII);
+                       len = srvstr_push(outbuf, p + 4, fname, space_remaining 
- (p - pdata), STR_TERMINATE_ASCII);
                        SIVAL(p,0,len);
                        p += 4 + len;
                        SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1479,7 +1479,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                                SIVAL(p,0,ea_size); /* Extended attributes */
                                p +=4;
                        }
-                       len = srvstr_push(outbuf, p, fname, -1, 
STR_TERMINATE_ASCII);
+                       len = srvstr_push(outbuf, p, fname, space_remaining - 
(p - pdata), STR_TERMINATE_ASCII);
                        SIVAL(q, 0, len);
                        p += len;
 
@@ -1497,7 +1497,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                        p += 4;
                        /* this must *not* be null terminated or w2k gets in a 
loop trying to set an
                           acl on a dir (tridge) */
-                       len = srvstr_push(outbuf, p, fname, -1, 
STR_TERMINATE_ASCII);
+                       len = srvstr_push(outbuf, p, fname, space_remaining - 
(p - pdata), STR_TERMINATE_ASCII);
                        SIVAL(p, -4, len);
                        p += len;
                        SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1527,7 +1527,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                        SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
                        SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
                        SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
-                       len = srvstr_push(outbuf, p, fname, -1, 
STR_TERMINATE_ASCII);
+                       len = srvstr_push(outbuf, p, fname, space_remaining - 
(p - pdata), STR_TERMINATE_ASCII);
                        SIVAL(q, 0, len);
                        p += len; 
                        SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1578,7 +1578,7 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
                        SSVAL(p,0,0); p += 2; /* Reserved ? */
                        SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
                        SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
-                       len = srvstr_push(outbuf, p, fname, -1, 
STR_TERMINATE_ASCII);
+                       len = srvstr_push(outbuf, p, fname, space_remaining - 
(p - pdata), STR_TERMINATE_ASCII);
                        SIVAL(q,0,len);
                        p += len;
                        SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1601,14 +1601,14 @@ static BOOL get_lanman2_dir_entry(connection_struct 
*conn,
                                DEBUG(10,("get_lanman2_dir_entry: 
SMB_FIND_FILE_UNIX\n"));
                                p = store_file_unix_basic(conn, p,
                                                        NULL, &sbuf);
-                               len = srvstr_push(outbuf, p, fname, -1, 
STR_TERMINATE);
+                               len = srvstr_push(outbuf, p, fname, 
space_remaining - (p - pdata), STR_TERMINATE);
                        } else {
                                DEBUG(10,("get_lanman2_dir_entry: 
SMB_FIND_FILE_UNIX_INFO2\n"));
                                p = store_file_unix_basic_info2(conn, p,
                                                        NULL, &sbuf);
                                nameptr = p;
                                p += 4;
-                               len = srvstr_push(outbuf, p, fname, -1, 0);
+                               len = srvstr_push(outbuf, p, fname, 
space_remaining - (p - pdata), 0);
                                SIVAL(nameptr, 0, len);
                        }
 
@@ -2309,7 +2309,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", 
(unsigned int)st.st_dev, (unsi
                         * this call so try fixing this by adding a terminating 
null to
                         * the pushed string. The change here was adding the 
STR_TERMINATE. JRA.
                         */
-                       len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, 
vname, -1, STR_NOALIGN|STR_TERMINATE);
+                       len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, 
vname, max_data_bytes - l2_vol_szVolLabel, STR_NOALIGN|STR_TERMINATE);
                        SCVAL(pdata,l2_vol_cch,len);
                        data_len = l2_vol_szVolLabel + len;
                        DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d, 
name = %s\n",
@@ -2331,14 +2331,14 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", 
(unsigned int)st.st_dev, (unsi
                        SIVAL(pdata,4,255); /* Max filename component length */
                        /* NOTE! the fstype must *not* be null terminated or 
win98 won't recognise it
                                and will think we can't do long filenames */
-                       len = srvstr_push(outbuf, pdata+12, fstype, -1, 
STR_UNICODE);
+                       len = srvstr_push(outbuf, pdata+12, fstype, 
max_data_bytes - 12, STR_UNICODE);
                        SIVAL(pdata,8,len);
                        data_len = 12 + len;
                        break;
 
                case SMB_QUERY_FS_LABEL_INFO:
                case SMB_FS_LABEL_INFORMATION:
-                       len = srvstr_push(outbuf, pdata+4, vname, -1, 0);
+                       len = srvstr_push(outbuf, pdata+4, vname, 
max_data_bytes - 4, 0);
                        data_len = 4 + len;
                        SIVAL(pdata,0,len);
                        break;
@@ -2354,7 +2354,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", 
(unsigned int)st.st_dev, (unsi
                                (str_checksum(get_local_machine_name())<<16));
 
                        /* Max label len is 32 characters. */
-                       len = srvstr_push(outbuf, pdata+18, vname, -1, 
STR_UNICODE);
+                       len = srvstr_push(outbuf, pdata+18, vname, 
max_data_bytes - 18, STR_UNICODE);
                        SIVAL(pdata,12,len);
                        data_len = 18+len;
 
@@ -3589,7 +3589,7 @@ total_data=%u (should be %u)\n", (unsigned 
int)total_data, (unsigned int)IVAL(pd
                        if(!mangle_is_8_3(short_name, True, conn->params)) {
                                mangle_map(short_name,True,True,conn->params);
                        }
-                       len = srvstr_push(outbuf, pdata+4, short_name, -1, 
STR_UNICODE);
+                       len = srvstr_push(outbuf, pdata+4, short_name, 
max_data_bytes - 4, STR_UNICODE);
                        data_size = 4 + len;
                        SIVAL(pdata,0,len);
                        break;
@@ -3599,7 +3599,7 @@ total_data=%u (should be %u)\n", (unsigned 
int)total_data, (unsigned int)IVAL(pd
                        /*
                          this must be *exactly* right for ACLs on mapped 
drives to work
                         */
-                       len = srvstr_push(outbuf, pdata+4, dos_fname, -1, 
STR_UNICODE);
+                       len = srvstr_push(outbuf, pdata+4, dos_fname, 
max_data_bytes - 4, STR_UNICODE);
                        DEBUG(10,("call_trans2qfilepathinfo: 
SMB_QUERY_FILE_NAME_INFO\n"));
                        data_size = 4 + len;
                        SIVAL(pdata,0,len);
@@ -3640,7 +3640,7 @@ total_data=%u (should be %u)\n", (unsigned 
int)total_data, (unsigned int)IVAL(pd
                        pdata += 24;
                        SIVAL(pdata,0,ea_size);
                        pdata += 4; /* EA info */
-                       len = srvstr_push(outbuf, pdata+4, dos_fname, -1, 
STR_UNICODE);
+                       len = srvstr_push(outbuf, pdata+4, dos_fname, 
max_data_bytes - (pdata+4 - *ppdata), STR_UNICODE);
                        SIVAL(pdata,0,len);
                        pdata += 4 + len;
                        data_size = PTR_DIFF(pdata,(*ppdata));
@@ -3802,7 +3802,7 @@ total_data=%u (should be %u)\n", (unsigned 
int)total_data, (unsigned int)IVAL(pd
                                if (len == -1)
                                        return(UNIXERROR(ERRDOS,ERRnoaccess));
                                buffer[len] = 0;
-                               len = srvstr_push(outbuf, pdata, buffer, -1, 
STR_TERMINATE);
+                               len = srvstr_push(outbuf, pdata, buffer, 
max_data_bytes, STR_TERMINATE);
                                pdata += len;
                                data_size = PTR_DIFF(pdata,(*ppdata));
 


-- 
Samba Shared Repository
