The branch, master has been updated via f3df83a2c34 lib/adouble: pass filesize to ad_unpack() via 9a3da6bebcd lib/adouble: drop ad_data reallocate logic via baaaf59e948 lib/adouble: README.Coding fix: multi-line if expression via f0c8ac47a46 lib/adouble: fix a long line via b63069db9fb torture: expand test "vfs.fruit.resource fork IO" to check size from ef58222616f CVE-2019-14833 dsdb: send full password to check password script
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit f3df83a2c346d945487a27a9d258ee6331ea7dbb Author: Ralph Boehme <s...@samba.org> Date: Thu Oct 24 17:15:18 2019 +0200 lib/adouble: pass filesize to ad_unpack() ad_unpack() needs the filesize, not the capped IO size we're using in the caller to read up to "size" bytes from the ._ AppleDouble file. This fixes a regression introduced by bdc257a1cbac7e8c73a084b618ba642476807483 for bug 13968. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171 RN: vfs_fruit returns capped resource fork length Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Wed Oct 30 14:52:34 UTC 2019 on sn-devel-184 commit 9a3da6bebcdb924ca2027337544d79ac2088677e Author: Ralph Boehme <s...@samba.org> Date: Fri Oct 25 15:21:32 2019 +0200 lib/adouble: drop ad_data reallocate logic Simply set the buffer size to AD_XATTR_MAX_HDR_SIZE. When reading the AppleDouble file, read up to AD_XATTR_MAX_HDR_SIZE from the file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit baaaf59e948df625b01fa8b6317ab5c3babb4e8f Author: Ralph Boehme <s...@samba.org> Date: Thu Oct 24 17:26:08 2019 +0200 lib/adouble: README.Coding fix: multi-line if expression Also remove a TAB. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit f0c8ac47a4608eabeae334d39885aab98198b753 Author: Ralph Boehme <s...@samba.org> Date: Thu Oct 24 17:17:28 2019 +0200 lib/adouble: fix a long line BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit b63069db9fb6efb33b7b917cd5b0ee06b0da9cdc Author: Ralph Boehme <s...@samba.org> Date: Fri Oct 25 15:41:40 2019 +0200 torture: expand test "vfs.fruit.resource fork IO" to check size Reveals a bug where the resource fork size is capped at 65454 bytes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/lib/adouble.c | 57 +++++++++++++++++++++++++-------------------- source4/torture/vfs/fruit.c | 29 +++++++++++++++++++++++ 2 files changed, 61 insertions(+), 25 deletions(-) Changeset truncated at 500 lines:
diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
index 5cac5dbd9bb..84198ab2000 100644
--- a/source3/lib/adouble.c
+++ b/source3/lib/adouble.c
@@ -2151,8 +2151,7 @@ static ssize_t ad_read_rsrc_adouble(vfs_handle_struct *handle,
 struct adouble *ad,
 const struct smb_filename *smb_fname)
 {
- char *p_ad = NULL;
- size_t size;
+ size_t to_read;
 ssize_t len;
 int ret;
 bool ok;
@@ -2164,35 +2163,26 @@ static ssize_t ad_read_rsrc_adouble(vfs_handle_struct *handle,
 return -1;
 }
- /*
- * AppleDouble file header content and size, two cases:
- *
- * - without xattrs it is exactly AD_DATASZ_DOT_UND (82) bytes large
- * - with embedded xattrs it can be larger, up to AD_XATTR_MAX_HDR_SIZE
- *
- * Read as much as we can up to AD_XATTR_MAX_HDR_SIZE.
- */
- size = ad->ad_fsp->fsp_name->st.st_ex_size;
- if (size > talloc_array_length(ad->ad_data)) {
- if (size > AD_XATTR_MAX_HDR_SIZE) {
- size = AD_XATTR_MAX_HDR_SIZE;
- }
- p_ad = talloc_realloc(ad, ad->ad_data, char, size);
- if (p_ad == NULL) {
- return -1;
- }
- ad->ad_data = p_ad;
+ to_read = ad->ad_fsp->fsp_name->st.st_ex_size;
+ if (to_read > AD_XATTR_MAX_HDR_SIZE) {
+ to_read = AD_XATTR_MAX_HDR_SIZE;
 }
- len = SMB_VFS_NEXT_PREAD(handle, ad->ad_fsp, ad->ad_data, talloc_array_length(ad->ad_data), 0);
- if (len != talloc_array_length(ad->ad_data)) {
+ len = SMB_VFS_NEXT_PREAD(handle,
+ ad->ad_fsp,
+ ad->ad_data,
+ to_read,
+ 0);
+ if (len != to_read) {
 DBG_NOTICE("%s %s: bad size: %zd\n", smb_fname->base_name, strerror(errno), len);
 return -1;
 }
 /* Now parse entries */
- ok = ad_unpack(ad, ADEID_NUM_DOT_UND, size);
+ ok = ad_unpack(ad,
+ ADEID_NUM_DOT_UND,
+ ad->ad_fsp->fsp_name->st.st_ex_size);
 if (!ok) {
 DBG_ERR("invalid AppleDouble resource %s\n",
 smb_fname->base_name);
@@ -2202,7 +2192,8 @@ static ssize_t ad_read_rsrc_adouble(vfs_handle_struct *handle,
 if ((ad_getentryoff(ad, ADEID_FINDERI) != ADEDOFF_FINDERI_DOT_UND)
 || (ad_getentrylen(ad, ADEID_FINDERI) < ADEDLEN_FINDERI)
- || (ad_getentryoff(ad, ADEID_RFORK) < ADEDOFF_RFORK_DOT_UND)) {
+ || (ad_getentryoff(ad, ADEID_RFORK) < ADEDOFF_RFORK_DOT_UND))
+ {
 DBG_ERR("invalid AppleDouble resource %s\n",
 smb_fname->base_name);
 errno = EINVAL;
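Review bot: The length passed to SMB_VFS_NEXT_PREAD() in the `@@ -2164` hunk is now `to_read`, capped at AD_XATTR_MAX_HDR_SIZE, and is no longer derived from `talloc_array_length(ad->ad_data)`, so the read stays inside the buffer only because the ad_alloc() hunk at `@@ -2282` sizes ADOUBLE_RSRC buffers to that same constant. Keeping the bound local would make the invariant checkable at the point of the write, for example `to_read = MIN(to_read, talloc_array_length(ad->ad_data));` right after the cap. The same hunk now hands ad_unpack() the full `st_ex_size` while at most `to_read` bytes were read into `ad->ad_data`; ad_unpack() is not shown here, so it should be confirmed that it validates in-buffer entry offsets and lengths against the buffer rather than against the file size. The body of ad_read_rsrc_adouble() starts and ends outside this hunk.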
@@ -2282,7 +2273,23 @@ static struct adouble *ad_alloc(TALLOC_CTX *ctx,
 adsize = AD_DATASZ_XATTR;
 break;
 case ADOUBLE_RSRC:
- adsize = AD_DATASZ_DOT_UND;
+ /*
+ * AppleDouble ._ file case, optimize for fewer (but larger)
+ * IOs. Two cases:
+ *
+ * - without xattrs size of the header is exactly
+ * AD_DATASZ_DOT_UND (82) bytes
+ *
+ * - with embedded xattrs it can be larger, up to
+ * AD_XATTR_MAX_HDR_SIZE
+ *
+ * Larger headers are not supported, but this is a reasonable
+ * limit that is also employed by the macOS client.
+ *
+ * We used the largest possible size to be able to read the full
+ * header with one IO.
+ */
+ adsize = AD_XATTR_MAX_HDR_SIZE;
 break;
 default:
 return NULL;
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index 3a6a198a658..94cbf277677 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
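Review bot: With `adsize = AD_XATTR_MAX_HDR_SIZE` in the ad_alloc() hunk, every ADOUBLE_RSRC buffer is allocated at the maximum header size, while a ._ file without xattrs fills only the first AD_DATASZ_DOT_UND bytes, so the bytes past the read length hold whatever the allocation left there. The allocation call itself is outside this hunk; if it does not zero the array, a parser that bounds entries by the buffer length could read uninitialised memory, which is worth confirming. The new comment should also record the dependency and fix the tense, for example by replacing its last paragraph with `We use the largest possible size so the full header can be read with one IO; ad_read_rsrc_adouble() relies on this as its read bound.`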
@@ -2397,6 +2397,35 @@ static bool test_write_atalk_rfork_io(struct torture_context *tctx,
 fname, AFPRESOURCE_STREAM_NAME, (off_t)64*1024*1024, 10, rfork_content);
+ /* Check size after write */
+
+ ZERO_STRUCT(io);
+ io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
+ io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE |
+ SEC_FILE_WRITE_ATTRIBUTE;
+ io.smb2.in.fname = rfork;
+ status = smb2_create(tree, mem_ctx, &(io.smb2));
+ CHECK_STATUS(status, NT_STATUS_OK);
+ filehandle = io.smb2.out.file.handle;
+
+ torture_comment(tctx, "(%s) check resource fork size after write\n",
+ __location__);
+
+ ZERO_STRUCT(finfo);
+ finfo.generic.level = RAW_FILEINFO_ALL_INFORMATION;
+ finfo.generic.in.file.handle = filehandle;
+ status = smb2_getinfo_file(tree, mem_ctx, &finfo);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ if (finfo.all_info.out.size != 64*1024*1024 + 10) {
+ torture_result(tctx, TORTURE_FAIL,
+ "(%s) Incorrect resource fork size\n",
+ __location__);
+ ret = false;
+ smb2_util_close(tree, filehandle);
+ goto done;
+ }
+ smb2_util_close(tree, filehandle);
+
 ret &= check_stream(tree, __location__, tctx, mem_ctx, fname, AFPRESOURCE_STREAM_NAME, (off_t)64*1024*1024, 10, 0, 10, rfork_content);
-- Samba Shared Repository
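Review bot: The failure branch of the new size check reports only `Incorrect resource fork size` and omits the value the server returned, so a recurrence of the capping bug would have to be re-diagnosed by hand. Printing both values is a small change: use the format `"(%s) Incorrect resource fork size %llu, expected %llu\n"` and pass `(unsigned long long)finfo.all_info.out.size` and `64ULL*1024*1024 + 10`. The second `CHECK_STATUS(status, NT_STATUS_OK)` runs while `filehandle` is open; the macro is not shown here, but if it jumps to `done` on failure the handle is not closed on that path, unlike the explicit `smb2_util_close()` in the size-mismatch branch. The body of test_write_atalk_rfork_io() starts and ends outside this hunk.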