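--- a/source/smbd/negprot.c
+++ b/source/smbd/negprot.c
@@ -346,7 +346,7 @@
 SCVAL(outbuf,smb_vwv16+1,8);
 p += 8;
 }
- p += srvstr_push(outbuf, p, lp_workgroup(), -1,
+ p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p-outbuf),
 STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
 DEBUG(3,("not using SPNEGO\n"));
 } else {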
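Review bot: The new bound `BUFFER_SIZE - (p-outbuf)` is only safe if outbuf really holds at least BUFFER_SIZE bytes, and nothing in this hunk shows where outbuf is allocated. The logic this patch removes from srvstr.c limited the same push by `max_send`, so the effective limit has changed as well as the calling convention. A short comment at the call would record the assumption, for example `/* bound assumes outbuf holds at least BUFFER_SIZE bytes */`, and the allocation site should be checked against it. The same expression is used in the reply.c and sesssetup.c sections of this patch. The enclosing function starts and ends outside the hunk.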
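--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -524,7 +524,7 @@
 if (Protocol < PROTOCOL_NT1) {
 set_message(outbuf,2,0,True);
 p = smb_buf(outbuf);
- p += srvstr_push(outbuf, p, server_devicetype, -1,
+ p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p - outbuf),
 STR_TERMINATE|STR_ASCII);
 set_message_end(outbuf,p);
 } else {
@@ -554,9 +554,9 @@
 }
 
 p = smb_buf(outbuf);
- p += srvstr_push(outbuf, p, server_devicetype, -1,
+ p += srvstr_push(outbuf, p, server_devicetype, BUFFER_SIZE - (p - outbuf),
 STR_TERMINATE|STR_ASCII);
- p += srvstr_push(outbuf, p, fstype, -1,
+ p += srvstr_push(outbuf, p, fstype, BUFFER_SIZE - (p - outbuf),
 STR_TERMINATE);
 
 set_message_end(outbuf,p);
@@ -1766,7 +1766,7 @@
 thing in the byte section. JRA */
 SSVALS(p, 0, -1); /* what is this? not in spec */
 #endif
- namelen = srvstr_push(outbuf, p, s, -1, STR_ASCII|STR_TERMINATE);
+ namelen = srvstr_push(outbuf, p, s, BUFFER_SIZE - (p - outbuf), STR_ASCII|STR_TERMINATE);
 p += namelen;
 outsize = set_message_end(outbuf, p);
 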
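Review bot: The remaining-space expression `BUFFER_SIZE - (p - outbuf)` is spelled out at four call sites in this file (the hunks at 524, 554 and 1766) and again in negprot.c and sesssetup.c, so a later change to the buffer size or base pointer must be repeated by hand at each one. A single helper would keep the bounds consistent, for example a macro of the form `#define OUTBUF_SPACE(buf, p) (BUFFER_SIZE - PTR_DIFF((p), (buf)))`, where the name is only a suggestion. The expression is a pointer difference passed as the `int dest_len` parameter, so the helper is also the natural place to document that conversion. All three enclosing functions begin outside their hunks.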
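--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -68,9 +68,9 @@
 
 fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);
 
- p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
- p += srvstr_push(outbuf, p, lanman, -1, STR_TERMINATE);
- p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);
+ p += srvstr_push(outbuf, p, "Unix", BUFFER_SIZE - (p - outbuf), STR_TERMINATE);
+ p += srvstr_push(outbuf, p, lanman, BUFFER_SIZE - (p - outbuf), STR_TERMINATE);
+ p += srvstr_push(outbuf, p, lp_workgroup(), BUFFER_SIZE - (p - outbuf), STR_TERMINATE);
 
 return PTR_DIFF(p, start);
 }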
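--- a/source/smbd/srvstr.c
+++ b/source/smbd/srvstr.c
@@ -28,17 +28,10 @@
 const char *base_ptr, void *dest,
 const char *src, int dest_len, int flags)
 {
- size_t buf_used = PTR_DIFF(dest, base_ptr);
- if (dest_len == -1) {
- if (((ptrdiff_t)dest < (ptrdiff_t)base_ptr) || (buf_used > (size_t)max_send)) {
-#if 0
- DEBUG(0, ("Pushing string of 'unlimited' length into non-SMB buffer!\n"));
-#endif
- return push_string_fn(function, line, base_ptr, dest, src, -1, flags);
- }
- return push_string_fn(function, line, base_ptr, dest, src, max_send - buf_used, flags);
+ if (dest_len < 0) {
+ return 0;
 }
-
+
 /* 'normal' push into size-specified buffer */
 return push_string_fn(function, line, base_ptr, dest, src, dest_len, flags);
 }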
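Review bot: The added `if (dest_len < 0) return 0;` makes an exhausted or miscomputed bound look the same as an empty string. Nothing is written, no terminator is pushed and nothing is logged, while the callers changed in this patch go on to store the returned length and advance `p`. Any caller that still passes `-1` now silently emits no string at all. The `trans2.c.rej` entry at the end of this patch suggests at least one trans2.c hunk did not apply, so such callers may remain. A log line before the return would make the condition visible, for example `DEBUG(0, ("srvstr_push: negative dest_len %d\n", dest_len));`. The function's signature begins above the hunk.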
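--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -1283,7 +1283,7 @@
 p += 23;
 nameptr = p;
 p += align_string(outbuf, p, 0);
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE);
 if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
 if (len > 2) {
 SCVAL(nameptr, -1, len - 2);
@@ -1318,7 +1318,7 @@
 }
 p += 27;
 nameptr = p - 1;
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE | STR_NOALIGN);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE | STR_NOALIGN);
 if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
 if (len > 2) {
 len -= 2;
@@ -1372,9 +1372,9 @@
 }
 
 /* Push the ea_data followed by the name. */
- p += fill_ea_buffer(ea_ctx, p, space_remaining, conn, name_list);
+ p += fill_ea_buffer(ea_ctx, p, space_remaining - (p - pdata), conn, name_list);
 nameptr = p;
- len = srvstr_push(outbuf, p + 1, fname, -1, STR_TERMINATE | STR_NOALIGN);
+ len = srvstr_push(outbuf, p + 1, fname, space_remaining - (p - pdata), STR_TERMINATE | STR_NOALIGN);
 if (SVAL(outbuf, smb_flg2) & FLAGS2_UNICODE_STRINGS) {
 if (len > 2) {
 len -= 2;
@@ -1431,7 +1431,7 @@
 memset(p,'\0',26);
 }
 p += 2 + 24;
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
 SIVAL(q,0,len);
 p += len;
 SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1452,7 +1452,7 @@
 SOFF_T(p,0,file_size); p += 8;
 SOFF_T(p,0,allocation_size); p += 8;
 SIVAL(p,0,nt_extmode); p += 4;
- len = srvstr_push(outbuf, p + 4, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p + 4, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
 SIVAL(p,0,len);
 p += 4 + len;
 SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1479,7 +1479,7 @@
 SIVAL(p,0,ea_size); /* Extended attributes */
 p +=4;
 }
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
 SIVAL(q, 0, len);
 p += len;
 
@@ -1497,7 +1497,7 @@
 p += 4;
 /* this must *not* be null terminated or w2k gets in a loop trying to set an
 acl on a dir (tridge) */
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
 SIVAL(p, -4, len);
 p += len;
 SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1527,7 +1527,7 @@
 SIVAL(p,0,0); p += 4; /* Unknown - reserved ? */
 SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
 SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
 SIVAL(q, 0, len);
 p += len;
 SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1578,7 +1578,7 @@
 SSVAL(p,0,0); p += 2; /* Reserved ? */
 SIVAL(p,0,sbuf.st_ino); p += 4; /* FileIndexLow */
 SIVAL(p,0,sbuf.st_dev); p += 4; /* FileIndexHigh */
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE_ASCII);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE_ASCII);
 SIVAL(q,0,len);
 p += len;
 SIVAL(p,0,0); /* Ensure any padding is null. */
@@ -1601,14 +1601,14 @@
 DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_UNIX\n"));
 p = store_file_unix_basic(conn, p,
 NULL, &sbuf);
- len = srvstr_push(outbuf, p, fname, -1, STR_TERMINATE);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), STR_TERMINATE);
 } else {
 DEBUG(10,("get_lanman2_dir_entry: SMB_FIND_FILE_UNIX_INFO2\n"));
 p = store_file_unix_basic_info2(conn, p,
 NULL, &sbuf);
 nameptr = p;
 p += 4;
- len = srvstr_push(outbuf, p, fname, -1, 0);
+ len = srvstr_push(outbuf, p, fname, space_remaining - (p - pdata), 0);
 SIVAL(nameptr, 0, len);
 }
 
@@ -2309,7 +2309,7 @@
 * this call so try fixing this by adding a terminating null to
 * the pushed string. The change here was adding the STR_TERMINATE. JRA.
 */
- len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname, -1, STR_NOALIGN|STR_TERMINATE);
+ len = srvstr_push(outbuf, pdata+l2_vol_szVolLabel, vname, max_data_bytes - l2_vol_szVolLabel, STR_NOALIGN|STR_TERMINATE);
 SCVAL(pdata,l2_vol_cch,len);
 data_len = l2_vol_szVolLabel + len;
 DEBUG(5,("call_trans2qfsinfo : time = %x, namelen = %d, name = %s\n",
@@ -2331,14 +2331,14 @@
 SIVAL(pdata,4,255); /* Max filename component length */
 /* NOTE! the fstype must *not* be null terminated or win98 won't recognise it
 and will think we can't do long filenames */
- len = srvstr_push(outbuf, pdata+12, fstype, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+12, fstype, max_data_bytes - 12, STR_UNICODE);
 SIVAL(pdata,8,len);
 data_len = 12 + len;
 break;
 
 case SMB_QUERY_FS_LABEL_INFO:
 case SMB_FS_LABEL_INFORMATION:
- len = srvstr_push(outbuf, pdata+4, vname, -1, 0);
+ len = srvstr_push(outbuf, pdata+4, vname, max_data_bytes - 4, 0);
 data_len = 4 + len;
 SIVAL(pdata,0,len);
 break;
@@ -2354,7 +2354,7 @@
 (str_checksum(get_local_machine_name())<<16));
 
 /* Max label len is 32 characters. */
- len = srvstr_push(outbuf, pdata+18, vname, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+18, vname, max_data_bytes - 18, STR_UNICODE);
 SIVAL(pdata,12,len);
 data_len = 18+len;
 
@@ -3589,7 +3589,7 @@
 if(!mangle_is_8_3(short_name, True, conn->params)) {
 mangle_map(short_name,True,True,conn->params);
 }
- len = srvstr_push(outbuf, pdata+4, short_name, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+4, short_name, max_data_bytes - 4, STR_UNICODE);
 data_size = 4 + len;
 SIVAL(pdata,0,len);
 break;
@@ -3599,7 +3599,7 @@
 /*
 this must be *exactly* right for ACLs on mapped drives to work
 */
- len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+4, dos_fname, max_data_bytes - 4, STR_UNICODE);
 DEBUG(10,("call_trans2qfilepathinfo: SMB_QUERY_FILE_NAME_INFO\n"));
 data_size = 4 + len;
 SIVAL(pdata,0,len);
@@ -3640,7 +3640,7 @@
 pdata += 24;
 SIVAL(pdata,0,ea_size);
 pdata += 4; /* EA info */
- len = srvstr_push(outbuf, pdata+4, dos_fname, -1, STR_UNICODE);
+ len = srvstr_push(outbuf, pdata+4, dos_fname, max_data_bytes - (pdata+4 - *ppdata), STR_UNICODE);
 SIVAL(pdata,0,len);
 pdata += 4 + len;
 data_size = PTR_DIFF(pdata,(*ppdata));
@@ -3802,7 +3802,7 @@
 if (len == -1)
 return(UNIXERROR(ERRDOS,ERRnoaccess));
 buffer[len] = 0;
- len = srvstr_push(outbuf, pdata, buffer, -1, STR_TERMINATE);
+ len = srvstr_push(outbuf, pdata, buffer, max_data_bytes, STR_TERMINATE);
 pdata += len;
 data_size = PTR_DIFF(pdata,(*ppdata));
 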
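Review bot: Two of the new bounds are computed from `p` although the destination is offset from it. The hunk at 1372 pushes to `p + 1` and the hunk at 1452 pushes to `p + 4`, both with `space_remaining - (p - pdata)`, so the limit is 1 and 4 bytes larger than the space left after the destination. Assuming space_remaining is counted from pdata, as these expressions imply, they should read `space_remaining - (p + 1 - pdata)` and `space_remaining - (p + 4 - pdata)`, in line with the `max_data_bytes - (pdata+4 - *ppdata)` form used in the hunk at 3640. Separately, when the bound goes negative srvstr_push now returns 0, but the `SIVAL(p,0,0)` padding writes that follow in several of these hunks are not bounded in the visible lines. That should be checked against the surrounding code, which lies outside the hunks.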
Only in samba-3.0.27/source/smbd: trans2.c.rej