Attachment 22293 Details for Bug 58061

[patch] samba-3-0-5.patch

samba-3-0-5.patch (text/plain), 5.60 KB, created by Thomas Biege on 2004-07-20 15:30:27 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Thomas Biege

Created: 2004-07-20 15:30:27 UTC

Size: 5.60 KB

patch

obsolete

>Index: VERSION
>===================================================================
>--- VERSION	(revision 1548)
>+++ VERSION	(working copy)
>@@ -19,7 +19,7 @@
> ########################################################
> SAMBA_VERSION_MAJOR=3
> SAMBA_VERSION_MINOR=0
>-SAMBA_VERSION_RELEASE=4
>+SAMBA_VERSION_RELEASE=5
> 
> ########################################################
> # If a official release has a serious bug              #
>Index: smbd/mangle_hash.c
>===================================================================
>--- smbd/mangle_hash.c	(revision 1548)
>+++ smbd/mangle_hash.c	(working copy)
>@@ -569,7 +569,7 @@
>  * Check for a name on the mangled name stack
>  *
>  *  Input:  s - Input *and* output string buffer.
>- *
>+ *	    maxlen - space in i/o string buffer.
>  *  Output: True if the name was found in the cache, else False.
>  *
>  *  Notes:  If a reverse map is found, the function will overwrite the string
>@@ -580,7 +580,7 @@
>  * ************************************************************************** **
>  */
> 
>-static BOOL check_cache( char *s )
>+static BOOL check_cache( char *s, size_t maxlen )
> {
> 	ubi_cacheEntryPtr FoundPtr;
> 	char             *ext_start = NULL;
>@@ -614,7 +614,7 @@
> 	if( !FoundPtr ) {
> 		if(saved_ext) {
> 			/* Replace the saved_ext as it was truncated. */
>-			(void)pstrcat( s, saved_ext );
>+			(void)safe_strcat( s, saved_ext, maxlen );
> 			SAFE_FREE(saved_ext);
> 		}
> 		return( False );
>@@ -624,10 +624,10 @@
> 	found_name = (char *)(FoundPtr + 1);
> 	found_name += (strlen( found_name ) + 1);
> 
>-	(void)pstrcpy( s, found_name );
>+	(void)safe_strcpy( s, found_name, maxlen );
> 	if( saved_ext ) {
> 		/* Replace the saved_ext as it was truncated. */
>-		(void)pstrcat( s, saved_ext );
>+		(void)safe_strcat( s, saved_ext, maxlen );
> 		SAFE_FREE(saved_ext);
> 	}
> 
>Index: smbd/mangle_hash2.c
>===================================================================
>--- smbd/mangle_hash2.c	(revision 1548)
>+++ smbd/mangle_hash2.c	(working copy)
>@@ -362,10 +362,8 @@
> /*
>   try to find a 8.3 name in the cache, and if found then
>   replace the string with the original long name. 
>-
>-  The filename must be able to hold at least sizeof(fstring) 
> */
>-static BOOL check_cache(char *name)
>+static BOOL check_cache(char *name, size_t maxlen)
> {
> 	u32 hash, multiplier;
> 	unsigned int i;
>@@ -403,10 +401,10 @@
> 
> 	if (extension[0]) {
> 		M_DEBUG(10,("check_cache: %s -> %s.%s\n", name, prefix, extension));
>-		slprintf(name, sizeof(fstring), "%s.%s", prefix, extension);
>+		slprintf(name, maxlen, "%s.%s", prefix, extension);
> 	} else {
> 		M_DEBUG(10,("check_cache: %s -> %s\n", name, prefix));
>-		fstrcpy(name, prefix);
>+		safe_strcpy(name, prefix, maxlen);
> 	}
> 
> 	return True;
>Index: smbd/reply.c
>===================================================================
>--- smbd/reply.c	(revision 1548)
>+++ smbd/reply.c	(working copy)
>@@ -1524,7 +1524,7 @@
> 	 */
> 	
> 	if (!rc && mangle_is_mangled(mask))
>-		mangle_check_cache( mask );
>+		mangle_check_cache( mask, sizeof(pstring)-1 );
> 	
> 	if (!has_wild) {
> 		pstrcat(directory,"/");
>@@ -3664,7 +3664,7 @@
> 	 */
> 
> 	if (!rc && mangle_is_mangled(mask))
>-		mangle_check_cache( mask );
>+		mangle_check_cache( mask, sizeof(pstring)-1 );
> 
> 	has_wild = ms_has_wild(mask);
> 
>@@ -4136,7 +4136,7 @@
> 	 */
> 
> 	if (!rc && mangle_is_mangled(mask))
>-		mangle_check_cache( mask );
>+		mangle_check_cache( mask, sizeof(pstring)-1 );
> 
> 	has_wild = ms_has_wild(mask);
> 
>Index: smbd/mangle.c
>===================================================================
>--- smbd/mangle.c	(revision 1548)
>+++ smbd/mangle.c	(working copy)
>@@ -98,9 +98,9 @@
>   looking for a matching name if it doesn't. It should succeed most of the time
>   or there will be a huge performance penalty
> */
>-BOOL mangle_check_cache(char *s)
>+BOOL mangle_check_cache(char *s, size_t maxlen)
> {
>-	return mangle_fns->check_cache(s);
>+	return mangle_fns->check_cache(s, maxlen);
> }
> 
> /* 
>Index: smbd/filename.c
>===================================================================
>--- smbd/filename.c	(revision 1548)
>+++ smbd/filename.c	(working copy)
>@@ -306,7 +306,7 @@
> 				 */
> 
> 				if (mangle_is_mangled(start)) {
>-					mangle_check_cache( start );
>+					mangle_check_cache( start, sizeof(pstring) - 1 - (start - name) );
> 				}
> 
> 				DEBUG(5,("New file %s\n",start));
>@@ -455,7 +455,7 @@
> 	 * (JRA).
> 	 */
> 	if (mangled)
>-		mangled = !mangle_check_cache( name );
>+		mangled = !mangle_check_cache( name, maxlength );
> 
> 	/* open the directory */
> 	if (!(cur_dir = OpenDir(conn, path, True))) {
>Index: lib/util_str.c
>===================================================================
>--- lib/util_str.c	(revision 1548)
>+++ lib/util_str.c	(working copy)
>@@ -1951,7 +1951,9 @@
> 		s++; i++;
> 	}
> 
>-	if (*s == '=') n -= 1;
>+	if ((n > 0) && (*s == '=')) {
>+		n -= 1;
>+	}
> 
> 	/* fix up length */
> 	decoded.length = n;
>@@ -1964,10 +1966,16 @@
> void base64_decode_inplace(char *s)
> {
> 	DATA_BLOB decoded = base64_decode_data_blob(s);
>-	memcpy(s, decoded.data, decoded.length);
>-	/* null terminate */
>-	s[decoded.length] = '\0';
> 
>+	if ( decoded.length != 0 ) {
>+		memcpy(s, decoded.data, decoded.length);
>+
>+		/* null terminate */
>+		s[decoded.length] = '\0';
>+	} else {
>+		*s = '\0';
>+	}
>+
> 	data_blob_free(&decoded);
> }
> 
>Index: include/mangle.h
>===================================================================
>--- include/mangle.h	(revision 1548)
>+++ include/mangle.h	(working copy)
>@@ -8,7 +8,7 @@
> 	BOOL (*is_mangled)(const char *s);
> 	BOOL (*is_8_3)(const char *fname, BOOL check_case, BOOL allow_wildcards);
> 	void (*reset)(void);
>-	BOOL (*check_cache)(char *s);
>+	BOOL (*check_cache)(char *s, size_t maxlen);
> 	void (*name_map)(char *OutName, BOOL need83, BOOL cache83);
> };
> #endif /* _MANGLE_H_ */

Actions: View | Diff

Attachments on bug 58061: 22293