FreeBSD Bugzilla – Attachment 193656 Details for
Bug 228462
net/samba47: Samba's vfs_streams_xattr triggers corruption of first byte in AFP_AfpInfo stream/xattr
[patch]
Possible patch for 4.7, may apply to other versions
bug228462-v47.patch (text/plain), 5.24 KB, created by
slow
on 2018-05-24 14:53:16 UTC
Description:
Possible patch for 4.7, may apply to other versions
Filename:
MIME Type:
Creator:
slow
Created:
2018-05-24 14:53:16 UTC
Size:
5.24 KB
patch
obsolete
>From 3683aa89db98646c8bd48df91c85ef3a40e03dd7 Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Fri, 18 May 2018 20:12:52 +0200
>Subject: [PATCH 1/3] vfs_streams_xattr: don't append 0 byte when creating
> xattr
>
>Upstream Samba always appends an internal 0-byte to xattrs to cope
>with filesytems or systems that don't support 0-byte sized xattrs.
>
>An older patch already remove this behaviour from the read and write
>code paths, but didn't remove it from the create codepath.
>
>FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>---
> source3/modules/vfs_streams_xattr.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
>diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
>index ef6eed7ef7c..13ce8b8f85d 100644
>--- a/source3/modules/vfs_streams_xattr.c
>+++ b/source3/modules/vfs_streams_xattr.c
>@@ -530,9 +530,6 @@ static int streams_xattr_open(vfs_handle_struct *handle,
> * The attribute does not exist or needs to be truncated
> */
>
>- /*
>- * Darn, xattrs need at least 1 byte
>- */
> char null = '\0';
>
> DEBUG(10, ("creating or truncating attribute %s on file %s\n",
>@@ -541,7 +538,7 @@ static int streams_xattr_open(vfs_handle_struct *handle,
> ret = SMB_VFS_SETXATTR(fsp->conn,
> smb_fname,
> xattr_name,
>- &null, sizeof(null),
>+ &null, 0,
> flags & O_EXCL ? XATTR_CREATE : 0);
> if (ret != 0) {
> goto fail;
>--
>2.16.3
>
>
>From 2fac8a4a2830f79e0824d0caa1d369eab77e8f0f Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Thu, 24 May 2018 15:59:48 +0200
>Subject: [PATCH 2/3] vfs_fruit: add smb_fname arg to afpinfo_unpack
>
>Not used for now, will be used in the next commit.
>
>FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>---
> source3/modules/vfs_fruit.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
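Review bot: The `SMB_VFS_SETXATTR` call in `streams_xattr_open` (second hunk of patch 1/3) now passes a length of 0 with no comment saying why, and the first hunk removes the only comment that explained the old one-byte payload. Since the create path now relies on the filesystem accepting empty xattrs, I would put a replacement comment above `char null = '\0';`, for example `/* Create an empty xattr: the read and write paths of this port no longer expect a trailing 0 byte, so the create path must not store one either. */`. Streams created before this change still carry the extra byte and nothing in these hunks deals with them, so that case should be covered elsewhere or called out in the commit message. The body of `streams_xattr_open` starts and ends outside both hunks.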
>
>diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
>index 857a4caec09..59240022e28 100644
>--- a/source3/modules/vfs_fruit.c
>+++ b/source3/modules/vfs_fruit.c
>@@ -483,8 +483,9 @@ static int adouble_path(TALLOC_CTX *ctx,
> struct smb_filename **ppsmb_fname_out);
> static AfpInfo *afpinfo_new(TALLOC_CTX *ctx);
> static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf);
>-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data);
>-
>+static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx,
>+ const void *data,
>+ const struct smb_filename *smb_fname);
>
> /**
> * Return a pointer to an AppleDouble entry
>@@ -2065,7 +2066,9 @@ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
> * Buffer size must be at least AFP_INFO_SIZE
> * Returns allocated AfpInfo struct
> **/
>-static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
>+static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx,
>+ const void *data,
>+ const struct smb_filename *smb_fname)
> {
> AfpInfo *ai = talloc_zero(ctx, AfpInfo);
> if (ai == NULL) {
>@@ -4186,7 +4189,7 @@ static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle,
> size_t nwritten;
> bool ok;
>
>- ai = afpinfo_unpack(talloc_tos(), data);
>+ ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name);
> if (ai == NULL) {
> return -1;
> }
>@@ -4224,7 +4227,7 @@ static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle,
> int ret;
> bool ok;
>
>- ai = afpinfo_unpack(talloc_tos(), data);
>+ ai = afpinfo_unpack(talloc_tos(), data, fsp->fsp_name);
> if (ai == NULL) {
> return -1;
> }
>--
>2.16.3
>
>
>From d84ca5e8a4b8a97992e09eac95633ce02ae913b7 Mon Sep 17 00:00:00 2001
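Review bot: The doc comment above the `afpinfo_unpack` definition (second hunk of patch 2/3) still describes only the buffer and the return value, so the new `smb_fname` parameter is undocumented. I would add a line such as ` * smb_fname names the file in diagnostics only; it is not read for parsing` and state whether a NULL `smb_fname` is acceptable, since the parameter is `const` and callers may reasonably not have one. The function body continues outside the hunk.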
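Review bot: No length check is visible before either call to `afpinfo_unpack`, in `fruit_pwrite_meta_stream` (third hunk of patch 2/3) or `fruit_pwrite_meta_netatalk` (fourth hunk). Both pass the write buffer `data` to a function whose comment says "Buffer size must be at least AFP_INFO_SIZE". Both functions start and end outside the hunks, so the check may already exist further up; if it does not, a guard rejecting writes shorter than `AFP_INFO_SIZE` belongs before the call. A short comment at each call stating where the size is enforced would make this reviewable from the call site.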
>From: Ralph Boehme <slow@samba.org>
>Date: Thu, 24 May 2018 16:00:40 +0200
>Subject: [PATCH 3/3] vfs_fruit: allow broken AFP_Signature where the first
> byte is 0
>
>FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
>instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
>parsed by afpinfo_unpack().
>
>FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>---
> source3/modules/vfs_fruit.c | 18 +++++++++++++++---
> 1 file changed, 15 insertions(+), 3 deletions(-)
>
>diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
>index 59240022e28..a8a87845c32 100644
>--- a/source3/modules/vfs_fruit.c
>+++ b/source3/modules/vfs_fruit.c
>@@ -2060,6 +2060,8 @@ static ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
> return AFP_INFO_SIZE;
> }
>
>+#define BROKEN_FREEBSD_AFP_Signature 0x00465000
>+
> /**
> * Unpack a buffer into a AfpInfo structure
> *
>@@ -2081,10 +2083,20 @@ static AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx,
> memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
> sizeof(ai->afpi_FinderInfo));
>
>- if (ai->afpi_Signature != AFP_Signature
>- || ai->afpi_Version != AFP_Version) {
>- DEBUG(1, ("Bad AfpInfo signature or version\n"));
>+ if (ai->afpi_Version != AFP_Version) {
>+ DBG_ERR("Bad AfpInfo version\n");
> TALLOC_FREE(ai);
>+ return NULL;
>+ }
>+ if (ai->afpi_Signature != AFP_Signature) {
>+ DBG_WARNING("Bad signature [%x] on [%s]\n",
>+ ai->afpi_Signature, smb_fname_str_dbg(smb_fname));
>+
>+ if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
>+ DBG_ERR("Bad AfpInfo signature\n");
>+ TALLOC_FREE(ai);
>+ return NULL;
>+ }
> }
>
> return ai;
>--
>2.16.3
>
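Review bot: `BROKEN_FREEBSD_AFP_Signature` is added without a comment (first hunk of patch 3/3), so a reader has to decode `0x00465000` by hand and cannot tell from the code that it is a deliberate compatibility exception. I would put a comment directly above the define, for example `/* AFP signature with its first byte 0 instead of 'A', as left behind by FreeBSD bug 228462; tolerated by afpinfo_unpack() */`. The mixed-case macro name also differs from the usual all-caps convention, though it presumably mirrors `AFP_Signature`; either is fine as long as the comment is there.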
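Review bot: In the tolerated branch of `afpinfo_unpack` (second hunk of patch 3/3) the struct is returned with `afpi_Signature` still set to the broken value, so any later comparison or re-pack of that field sees the damaged signature. Patch 2/3 shows this function is called from the pwrite paths, so the relaxed check also accepts such a blob when it arrives in a write, not only when it is already on disk. I would canonicalise after the inner check with `ai->afpi_Signature = AFP_Signature;`, and if the raw buffer rather than the struct is what gets stored (not visible here), consider repairing its first byte as well. A rejected blob is also logged twice, by `DBG_WARNING` and then `DBG_ERR`; moving the warning below the inner check would avoid that. The function starts outside the hunk.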
Attachments on
bug 228462
:
193656
|
194034
|
194644