Changeset 134 for branches/samba-3.0/source/smbd
- Timestamp:
- May 23, 2008, 6:56:41 AM (17 years ago)
- Location:
- branches/samba-3.0/source/smbd
- Files:
-
- 9 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/source/smbd/chgpasswd.c
r124 r134 155 155 return (False); 156 156 } 157 #if defined(TIOCSCTTY) 157 #if defined(TIOCSCTTY) && !defined(SUNOS5) 158 /* 159 * On patched Solaris 10 TIOCSCTTY is defined but seems not to work, 160 * see the discussion under 161 * https://bugzilla.samba.org/show_bug.cgi?id=5366. 162 */ 158 163 if (ioctl(slave, TIOCSCTTY, 0) < 0) 159 164 { -
branches/samba-3.0/source/smbd/conn.c
r39 r134 65 65 } 66 66 67 68 /**************************************************************************** 69 find a conn given a cnum 70 ****************************************************************************/ 67 /**************************************************************************** 68 Find a conn given a cnum. 69 ****************************************************************************/ 70 71 71 connection_struct *conn_find(unsigned cnum) 72 72 { … … 85 85 return NULL; 86 86 } 87 88 87 89 88 /**************************************************************************** -
branches/samba-3.0/source/smbd/ipc.c
r26 r134 435 435 unsigned int psoff = SVAL(inbuf, smb_psoff); 436 436 unsigned int pscnt = SVAL(inbuf, smb_pscnt); 437 unsigned int av_size = size-4; 437 438 struct trans_state *state; 438 439 NTSTATUS result; … … 490 491 /* null-terminate the slack space */ 491 492 memset(&state->data[state->total_data], 0, 100); 492 if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) 493 goto bad_param; 494 if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) || 495 (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf))) 496 goto bad_param; 493 494 if (dscnt > state->total_data || 495 dsoff+dscnt < dsoff) { 496 goto bad_param; 497 } 498 499 if (dsoff > av_size || 500 dscnt > av_size || 501 dsoff+dscnt > av_size) { 502 goto bad_param; 503 } 497 504 498 505 memcpy(state->data,smb_base(inbuf)+dsoff,dscnt); … … 513 520 /* null-terminate the slack space */ 514 521 memset(&state->param[state->total_param], 0, 100); 515 if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) 516 goto bad_param; 517 if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || 518 (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))) 519 goto bad_param; 522 523 if (pscnt > state->total_param || 524 psoff+pscnt < psoff) { 525 goto bad_param; 526 } 527 528 if (psoff > av_size || 529 pscnt > av_size || 530 psoff+pscnt > av_size) { 531 goto bad_param; 532 } 520 533 521 534 memcpy(state->param,smb_base(inbuf)+psoff,pscnt); … … 601 614 int outsize = 0; 602 615 unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; 616 unsigned int av_size = size-4; 603 617 struct trans_state *state; 604 618 NTSTATUS result; … … 644 658 645 659 if (pcnt) { 646 if (pdisp+pcnt > state->total_param) 647 goto bad_param; 648 if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) 649 goto bad_param; 650 if (pdisp > state->total_param) 651 goto bad_param; 652 if ((smb_base(inbuf) + poff + pcnt > inbuf + size) || 653 (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) 654 goto bad_param; 655 if (state->param + pdisp < state->param) 656 goto bad_param; 660 if (pdisp > state->total_param || 661 pcnt > state->total_param || 662 pdisp+pcnt > state->total_param || 663 pdisp+pcnt < pdisp) { 664 goto bad_param; 665 } 666 667 if (poff > av_size || 668 pcnt > av_size || 669 poff+pcnt > av_size || 670 poff+pcnt < poff) { 671 goto bad_param; 672 } 657 673 658 674 memcpy(state->param+pdisp,smb_base(inbuf)+poff, … … 661 677 662 678 if (dcnt) { 663 if (ddisp+dcnt > state->total_data) 664 goto bad_param; 665 if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) 666 goto bad_param; 667 if (ddisp > state->total_data) 668 goto bad_param; 669 if ((smb_base(inbuf) + doff + dcnt > inbuf + size) || 670 (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) 671 goto bad_param; 672 if (state->data + ddisp < state->data) 673 goto bad_param; 679 if (ddisp > state->total_data || 680 dcnt > state->total_data || 681 ddisp+dcnt > state->total_data || 682 ddisp+dcnt < ddisp) { 683 goto bad_param; 684 } 685 686 if (ddisp > av_size || 687 dcnt > av_size || 688 ddisp+dcnt > av_size || 689 ddisp+dcnt < ddisp) { 690 goto bad_param; 691 } 674 692 675 693 memcpy(state->data+ddisp, smb_base(inbuf)+doff, -
branches/samba-3.0/source/smbd/msdfs.c
r62 r134 34 34 We cope with either here. 35 35 36 If conn != NULL then ensure the provided service is 37 the one pointed to by the connection. 38 36 39 Unfortunately, due to broken clients who might set the 37 40 SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES bit and then … … 41 44 **********************************************************************/ 42 45 43 static NTSTATUS parse_dfs_path(const char *pathname, 46 static NTSTATUS parse_dfs_path(connection_struct *conn, 47 const char *pathname, 44 48 BOOL allow_wcards, 45 49 struct dfs_path *pdp, … … 47 51 { 48 52 pstring pathname_local; 49 char *p,*temp ;53 char *p,*temp, *servicename; 50 54 NTSTATUS status = NT_STATUS_OK; 51 55 char sepchar; … … 107 111 DEBUG(10,("parse_dfs_path: hostname: %s\n",pdp->hostname)); 108 112 109 /* If we got a hostname, is it ours (or an IP address) ? */ 110 if (!is_myname_or_ipaddr(pdp->hostname)) { 111 /* Repair path. */ 112 *p = sepchar; 113 DEBUG(10,("parse_dfs_path: hostname %s isn't ours. Try local path from path %s\n", 114 pdp->hostname, temp)); 113 /* Parse out servicename. */ 114 servicename = p+1; 115 p = strchr_m(servicename,sepchar); 116 if (p) { 117 *p = '\0'; 118 } 119 120 /* Is this really our servicename ? */ 121 if (conn && !( strequal(servicename, lp_servicename(SNUM(conn))) 122 || (strequal(servicename, HOMES_NAME) 123 && strequal(lp_servicename(SNUM(conn)), 124 get_current_username()) )) ) { 125 126 DEBUG(10,("parse_dfs_path: %s is not our servicename\n", 127 servicename)); 128 115 129 /* 116 130 * Possibly client sent a local path by mistake. … … 121 135 pdp->servicename[0] = '\0'; 122 136 137 /* Repair the path - replace the sepchar's 138 we nulled out */ 139 servicename--; 140 *servicename = sepchar; 141 if (p) { 142 *p = sepchar; 143 } 144 123 145 p = temp; 124 DEBUG(10,("parse_dfs_path: trying to convert %s to a local path\n", 146 DEBUG(10,("parse_dfs_path: trying to convert %s " 147 "to a local path\n", 125 148 temp)); 126 149 goto local_path; 127 150 } 128 151 129 /* Parse out servicename. */ 130 temp = p+1; 131 p = strchr_m(temp,sepchar); 152 fstrcpy(pdp->servicename,servicename); 153 154 DEBUG(10,("parse_dfs_path: servicename: %s\n",pdp->servicename)); 155 132 156 if(p == NULL) { 133 fstrcpy(pdp->servicename,temp);134 157 pdp->reqpath[0] = '\0'; 135 158 return NT_STATUS_OK; 136 159 } 137 *p = '\0';138 fstrcpy(pdp->servicename,temp);139 DEBUG(10,("parse_dfs_path: servicename: %s\n",pdp->servicename));140 141 160 p++; 142 161 … … 497 516 pstring targetpath; 498 517 499 status = parse_dfs_path( dfs_path, search_wcard_flag, &dp, ppath_contains_wcard);518 status = parse_dfs_path(conn, dfs_path, search_wcard_flag, &dp, ppath_contains_wcard); 500 519 if (!NT_STATUS_IS_OK(status)) { 501 520 return status; … … 522 541 pstrcpy(dfs_path, dp.reqpath); 523 542 return NT_STATUS_OK; 524 }525 526 if (!( strequal(dp.servicename, lp_servicename(SNUM(conn)))527 || (strequal(dp.servicename, HOMES_NAME)528 && strequal(lp_servicename(SNUM(conn)), get_current_username()) )) ) {529 530 /* The given sharename doesn't match this connection. */531 532 return NT_STATUS_OBJECT_PATH_NOT_FOUND;533 543 } 534 544 … … 606 616 *self_referralp = False; 607 617 608 status = parse_dfs_path( dfs_path, False, &dp, &dummy);618 status = parse_dfs_path(NULL, dfs_path, False, &dp, &dummy); 609 619 if (!NT_STATUS_IS_OK(status)) { 610 620 return status; 611 }612 613 /* Verify hostname in path */614 if (!is_myname_or_ipaddr(dp.hostname)) {615 DEBUG(3, ("get_referred_path: Invalid hostname %s in path %s\n",616 dp.hostname, dfs_path));617 return NT_STATUS_NOT_FOUND;618 621 } 619 622 … … 1009 1012 struct dfs_path dp; 1010 1013 1011 NTSTATUS status = parse_dfs_path( dfs_path, False, &dp, &dummy);1014 NTSTATUS status = parse_dfs_path(NULL, dfs_path, False, &dp, &dummy); 1012 1015 1013 1016 if (!NT_STATUS_IS_OK(status)) { -
branches/samba-3.0/source/smbd/nttrans.c
r105 r134 2979 2979 uint32 dscnt = IVAL(inbuf,smb_nt_DataCount); 2980 2980 uint32 dsoff = IVAL(inbuf,smb_nt_DataOffset); 2981 2981 uint32 av_size = size-4; 2982 2982 2983 uint16 function_code = SVAL( inbuf, smb_nt_Function); 2983 2984 NTSTATUS result; … … 3050 3051 return(ERROR_DOS(ERRDOS,ERRnomem)); 3051 3052 } 3052 if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) 3053 3054 if (dscnt > state->total_data || 3055 dsoff+dscnt < dsoff) { 3053 3056 goto bad_param; 3054 if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) || 3055 (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf))) 3057 } 3058 3059 if (dsoff > av_size || 3060 dscnt > av_size || 3061 dsoff+dscnt > av_size) { 3056 3062 goto bad_param; 3063 } 3057 3064 3058 3065 memcpy(state->data,smb_base(inbuf)+dsoff,dscnt); … … 3070 3077 return(ERROR_DOS(ERRDOS,ERRnomem)); 3071 3078 } 3072 if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) 3079 3080 if (pscnt > state->total_param || 3081 psoff+pscnt < psoff) { 3073 3082 goto bad_param; 3074 if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || 3075 (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))) 3083 } 3084 3085 if (psoff > av_size || 3086 pscnt > av_size || 3087 psoff+pscnt > av_size) { 3076 3088 goto bad_param; 3089 } 3077 3090 3078 3091 memcpy(state->param,smb_base(inbuf)+psoff,pscnt); … … 3145 3158 { 3146 3159 int outsize = 0; 3147 unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; 3160 uint32_t pcnt,poff,dcnt,doff,pdisp,ddisp; 3161 uint32_t av_size = size-4; 3148 3162 struct trans_state *state; 3149 3163 … … 3189 3203 3190 3204 if (pcnt) { 3191 if (pdisp+pcnt > state->total_param) 3205 if (pdisp > state->total_param || 3206 pcnt > state->total_param || 3207 pdisp+pcnt > state->total_param || 3208 pdisp+pcnt < pdisp) { 3192 3209 goto bad_param; 3193 if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) 3210 } 3211 3212 if (poff > av_size || 3213 pcnt > av_size || 3214 poff+pcnt > av_size || 3215 poff+pcnt < poff) { 3194 3216 goto bad_param; 3195 if (pdisp > state->total_param) 3196 goto bad_param; 3197 if ((smb_base(inbuf) + poff + pcnt > inbuf + size) || 3198 (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) 3199 goto bad_param; 3200 if (state->param + pdisp < state->param) 3201 goto bad_param; 3217 } 3202 3218 3203 3219 memcpy(state->param+pdisp,smb_base(inbuf)+poff, … … 3206 3222 3207 3223 if (dcnt) { 3208 if (ddisp+dcnt > state->total_data) 3224 if (ddisp > state->total_data || 3225 dcnt > state->total_data || 3226 ddisp+dcnt > state->total_data || 3227 ddisp+dcnt < ddisp) { 3209 3228 goto bad_param; 3210 if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) 3229 } 3230 3231 if (ddisp > av_size || 3232 dcnt > av_size || 3233 ddisp+dcnt > av_size || 3234 ddisp+dcnt < ddisp) { 3211 3235 goto bad_param; 3212 if (ddisp > state->total_data) 3213 goto bad_param; 3214 if ((smb_base(inbuf) + doff + dcnt > inbuf + size) || 3215 (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) 3216 goto bad_param; 3217 if (state->data + ddisp < state->data) 3218 goto bad_param; 3236 } 3219 3237 3220 3238 memcpy(state->data+ddisp, smb_base(inbuf)+doff, -
branches/samba-3.0/source/smbd/reply.c
r124 r134 2073 2073 if (SMB_VFS_UNLINK(conn,fname) == 0) { 2074 2074 count++; 2075 DEBUG(3,("unlink_internals: succes ful unlink "2075 DEBUG(3,("unlink_internals: successful unlink " 2076 2076 "[%s]\n",fname)); 2077 2077 notify_fname(conn, NOTIFY_ACTION_REMOVED, -
branches/samba-3.0/source/smbd/sesssetup.c
r124 r134 1189 1189 void *p) 1190 1190 { 1191 struct sessionid *sessionid = (struct sessionid *)dbuf.dptr;1191 struct sessionid sessionid; 1192 1192 const char *ip = (const char *)p; 1193 1193 1194 if (!process_exists(pid_to_procid(sessionid->pid))) { 1194 SMB_ASSERT(dbuf.dsize == sizeof(sessionid)); 1195 memcpy(&sessionid, dbuf.dptr, sizeof(sessionid)); 1196 1197 if (!process_exists(pid_to_procid(sessionid.pid))) { 1195 1198 return 0; 1196 1199 } 1197 1200 1198 if (sessionid ->pid == sys_getpid()) {1201 if (sessionid.pid == sys_getpid()) { 1199 1202 return 0; 1200 1203 } 1201 1204 1202 if (strcmp(ip, sessionid ->ip_addr) != 0) {1205 if (strcmp(ip, sessionid.ip_addr) != 0) { 1203 1206 return 0; 1204 1207 } 1205 1208 1206 message_send_pid(pid_to_procid(sessionid ->pid), MSG_SHUTDOWN,1209 message_send_pid(pid_to_procid(sessionid.pid), MSG_SHUTDOWN, 1207 1210 NULL, 0, True); 1208 1211 return 0; -
branches/samba-3.0/source/smbd/trans2.c
r124 r134 6594 6594 unsigned int pscnt = SVAL(inbuf, smb_pscnt); 6595 6595 unsigned int tran_call = SVAL(inbuf, smb_setup0); 6596 unsigned int av_size = size-4; 6596 6597 struct trans_state *state; 6597 6598 NTSTATUS result; … … 6675 6676 return(ERROR_DOS(ERRDOS,ERRnomem)); 6676 6677 } 6677 if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt)) 6678 6679 if (dscnt > state->total_data || 6680 dsoff+dscnt < dsoff) { 6678 6681 goto bad_param; 6679 if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) || 6680 (smb_base(inbuf)+dsoff+dscnt < smb_base(inbuf))) 6681 goto bad_param; 6682 } 6683 6684 if (dsoff > av_size || 6685 dscnt > av_size || 6686 dsoff+dscnt > av_size) { 6687 goto bad_param; 6688 } 6682 6689 6683 6690 memcpy(state->data,smb_base(inbuf)+dsoff,dscnt); … … 6696 6703 return(ERROR_DOS(ERRDOS,ERRnomem)); 6697 6704 } 6698 if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt)) 6705 6706 if (pscnt > state->total_param || 6707 psoff+pscnt < psoff) { 6699 6708 goto bad_param; 6700 if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) || 6701 (smb_base(inbuf)+psoff+pscnt < smb_base(inbuf))) 6709 } 6710 6711 if (psoff > av_size || 6712 pscnt > av_size || 6713 psoff+pscnt > av_size) { 6702 6714 goto bad_param; 6715 } 6703 6716 6704 6717 memcpy(state->param,smb_base(inbuf)+psoff,pscnt); … … 6749 6762 int outsize = 0; 6750 6763 unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; 6764 unsigned int av_size = size-4; 6751 6765 struct trans_state *state; 6752 6766 … … 6791 6805 6792 6806 if (pcnt) { 6793 if (pdisp+pcnt > state->total_param) 6807 if (pdisp > state->total_param || 6808 pcnt > state->total_param || 6809 pdisp+pcnt > state->total_param || 6810 pdisp+pcnt < pdisp) { 6794 6811 goto bad_param; 6795 if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt)) 6812 } 6813 6814 if (poff > av_size || 6815 pcnt > av_size || 6816 poff+pcnt > av_size || 6817 poff+pcnt < poff) { 6796 6818 goto bad_param; 6797 if (pdisp > state->total_param) 6798 goto bad_param; 6799 if ((smb_base(inbuf) + poff + pcnt > inbuf + size) || 6800 (smb_base(inbuf) + poff + pcnt < smb_base(inbuf))) 6801 goto bad_param; 6802 if (state->param + pdisp < state->param) 6803 goto bad_param; 6819 } 6804 6820 6805 6821 memcpy(state->param+pdisp,smb_base(inbuf)+poff, … … 6808 6824 6809 6825 if (dcnt) { 6810 if (ddisp+dcnt > state->total_data) 6826 if (ddisp > state->total_data || 6827 dcnt > state->total_data || 6828 ddisp+dcnt > state->total_data || 6829 ddisp+dcnt < ddisp) { 6811 6830 goto bad_param; 6812 if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt)) 6831 } 6832 6833 if (ddisp > av_size || 6834 dcnt > av_size || 6835 ddisp+dcnt > av_size || 6836 ddisp+dcnt < ddisp) { 6813 6837 goto bad_param; 6814 if (ddisp > state->total_data) 6815 goto bad_param; 6816 if ((smb_base(inbuf) + doff + dcnt > inbuf + size) || 6817 (smb_base(inbuf) + doff + dcnt < smb_base(inbuf))) 6818 goto bad_param; 6819 if (state->data + ddisp < state->data) 6820 goto bad_param; 6838 } 6821 6839 6822 6840 memcpy(state->data+ddisp, smb_base(inbuf)+doff, -
branches/samba-3.0/source/smbd/utmp.c
r1 r134 222 222 223 223 /* For u-files and non-explicit w-dir, look for "utmp dir" */ 224 if ( dirname == 0 ||strlen(dirname) == 0) {224 if (strlen(dirname) == 0) { 225 225 pstrcpy(dirname,lp_utmpdir()); 226 226 trim_char(dirname,'\0','/'); … … 228 228 229 229 /* If explicit directory above, use it */ 230 if ( dirname != 0 &&strlen(dirname) != 0) {230 if (strlen(dirname) != 0) { 231 231 pstrcpy(fname, dirname); 232 232 pstrcat(fname, "/");
Note:
See TracChangeset
for help on using the changeset viewer.
