author | Jeremy Allison <jra@samba.org> | 2014-08-26 15:05:24 -0700 |
---|---|---|
committer | David Disseldorp <ddiss@samba.org> | 2014-09-16 01:56:55 +0200 |
commit | 2fc8d0e0e85cd118f114f234a7eac3902d01c32e (patch) | |
tree | 111fee8c5f9fc285d4fef7248df1f98696977390 | |
parent | c9877eaf1b0ee83e4227483cb6891f94712bd32f (diff) | |
s3: smbd: Change get_lanman2_dir_entry() to return the full NTSTATUS.
Handle the errors correctly at the level above inside the SMB1 server.
Bug 10775 - smbd crashes when accessing garbage filenames
https://bugzilla.samba.org/show_bug.cgi?id=10775
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
-rw-r--r-- | source3/smbd/trans2.c | 52 |
1 files changed, 32 insertions, 20 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index e4d64e80f4..6a66f3b87f 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2313,7 +2313,7 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
 return NT_STATUS_OK;
 }
-static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
+static NTSTATUS get_lanman2_dir_entry(TALLOC_CTX *ctx,
 connection_struct *conn, struct dptr_struct *dirptr, uint16 flags2,
@@ -2327,23 +2327,19 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
 char *base_data, char *end_data, int space_remaining,
- bool *out_of_space,
 bool *got_exact_match, int *last_entry_off, struct ea_list *name_list) {
 uint8_t align = 4;
 const bool do_pad = true;
- NTSTATUS status;
-
- *out_of_space = false;
 if (info_level >= 1 && info_level <= 3) {
 /* No alignment on earlier info levels. */
 align = 1;
 }
- status = smbd_dirptr_lanman2_entry(ctx, conn, dirptr, flags2,
+ return smbd_dirptr_lanman2_entry(ctx, conn, dirptr, flags2,
 path_mask, dirtype, info_level, requires_resume_key, dont_descend, ask_sharemode, align, do_pad,
@@ -2351,10 +2347,6 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx,
 space_remaining, got_exact_match, last_entry_off, name_list);
- if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
- *out_of_space = true;
- }
- return NT_STATUS_IS_OK(status);
 }
 /****************************************************************************
@@ -2628,7 +2620,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 out_of_space = True;
 finished = False;
 } else {
- finished = !get_lanman2_dir_entry(ctx,
+ ntstatus = get_lanman2_dir_entry(ctx,
 conn, dirptr, req->flags2,
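Review bot: get_lanman2_dir_entry() now hands the raw NTSTATUS to its callers (the `+ return smbd_dirptr_lanman2_entry(...)` line in the @@ -2327 hunk), but nothing above the definition says which values a caller must tell apart. I would add a header comment listing the contract the call sites in this commit rely on: NT_STATUS_OK means an entry was produced, STATUS_MORE_ENTRIES means it did not fit in `space_remaining`, NT_STATUS_ILLEGAL_CHARACTER means the name could not be converted and the entry should be skipped, and any other status ends the enumeration. Without it a future caller can easily fall back to a plain `NT_STATUS_IS_OK()` test and lose the skip-versus-stop distinction that this fix for the garbage-filename crash depends on. The function body spans the @@ -2313, @@ -2327 and @@ -2351 hunks, and the lines between them are not shown.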
@@ -2636,14 +2628,24 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 requires_resume_key,dont_descend, ask_sharemode, &p,pdata,data_end,
- space_remaining, &out_of_space,
+ space_remaining,
 &got_exact_match, &last_entry_off, ea_list);
+ if (NT_STATUS_EQUAL(ntstatus,
+ NT_STATUS_ILLEGAL_CHARACTER)) {
+ /*
+ * Bad character conversion on name. Ignore this
+ * entry.
+ */
+ continue;
+ }
+ if (NT_STATUS_EQUAL(ntstatus, STATUS_MORE_ENTRIES)) {
+ out_of_space = true;
+ } else {
+ finished = !NT_STATUS_IS_OK(ntstatus);
+ }
 }
- if (finished && out_of_space)
- finished = False;
-
 if (!finished && !out_of_space) numentries++;
@@ -3004,7 +3006,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 out_of_space = True;
 finished = False;
 } else {
- finished = !get_lanman2_dir_entry(ctx,
+ ntstatus = get_lanman2_dir_entry(ctx,
 conn, dirptr, req->flags2,
@@ -3012,14 +3014,24 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 requires_resume_key,dont_descend, ask_sharemode, &p,pdata,data_end,
- space_remaining, &out_of_space,
+ space_remaining,
 &got_exact_match, &last_entry_off, ea_list);
+ if (NT_STATUS_EQUAL(ntstatus,
+ NT_STATUS_ILLEGAL_CHARACTER)) {
+ /*
+ * Bad character conversion on name. Ignore this
+ * entry.
+ */
+ continue;
+ }
+ if (NT_STATUS_EQUAL(ntstatus, STATUS_MORE_ENTRIES)) {
+ out_of_space = true;
+ } else {
+ finished = !NT_STATUS_IS_OK(ntstatus);
+ }
 }
- if (finished && out_of_space)
- finished = False;
-
 if (!finished && !out_of_space) numentries++; |
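Review bot: The `continue` taken on NT_STATUS_ILLEGAL_CHARACTER in the @@ -2636 hunk skips all the per-entry bookkeeping below the call. That is only safe if the callee has already moved `dirptr` past the bad name and written nothing at `p`; neither is visible here, and the loop header is outside the hunk. If `dirptr` had not advanced, the loop would keep hitting the same entry, so the assumption deserves to be stated in the comment, for example `/* Bad character conversion on name; dirptr has already moved on and nothing was marshalled, so skip this entry. */`. The entry is also dropped silently, which hides the file from the client and from the administrator; a low-level debug message that names the directory but does not echo the raw name bytes would make these cases findable. The same applies to the identical block in the @@ -3012 hunk.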
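Review bot: The status handling added in the @@ -3012 hunk is a line-for-line copy of the block added in the @@ -2636 hunk, so the two call sites can drift apart the next time one of them is touched. A small static helper that maps the NTSTATUS onto skip / `out_of_space` / `finished` would keep both in step; a sketch follows, with a proposed helper name and assuming both flags are `bool` in the callers, whose declarations are outside the hunks. Separately, `finished = !NT_STATUS_IS_OK(ntstatus)` treats every other failure as the end of the directory, and whether a genuine error is later reported to the client cannot be seen from here. The new lines also use `true` where the surrounding code uses `True`/`False`.

```c
/* Proposed helper: map the status from get_lanman2_dir_entry() onto the
 * caller's loop state. Returns true when the entry must be skipped. */
static bool lanman2_entry_skipped(NTSTATUS status,
				  bool *out_of_space,
				  bool *finished)
{
	if (NT_STATUS_EQUAL(status, NT_STATUS_ILLEGAL_CHARACTER)) {
		/* Bad character conversion on name. Ignore this entry. */
		return true;
	}
	if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
		*out_of_space = true;
	} else {
		*finished = !NT_STATUS_IS_OK(status);
	}
	return false;
}

/* … unchanged: ntstatus = get_lanman2_dir_entry(ctx, …) call … */
			if (lanman2_entry_skipped(ntstatus, &out_of_space,
						  &finished)) {
				continue;
			}
```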