mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3:mdssvc: marshalling: fix unpacking empty filemeta structure
This is what a correct dump of an empty sl_filemeta_t container should look like: DALLOC_CTX(#1): { sl_array_t(#3): { uint64_t: 0x0023 CNIDs: unkn1: 0x0, unkn2: 0x0 DALLOC_CTX(#0): { } sl_filemeta_t(#0): { } } } This is basically the response from macOS mdssvc for a query that yields no results: sl_filemeta_t is empty, the CNIDs array as well. Looking at the raw packet data, the empty sl_filemeta_t container has a size of 8 bytes, which fails the following check in sl_unpack_cpx(): case SQ_CPX_TYPE_FILEMETA: ... if (tag.size < 16) { *boom* } Only tag.size=0 is invalid, tag.size=8 denotes an empty container and tag.size>=16 denotes a sl_filemeta_t container with actual content that must be unpacked by calling sl_unpack(). Note that size is always a multiple of 8. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
parent
ed37f2d3c4
commit
d67c98184a
@ -1005,7 +1005,7 @@ static ssize_t sl_unpack_cpx(DALLOC_CTX *query,
|
||||
if (offset == -1) {
|
||||
return -1;
|
||||
}
|
||||
if (tag.size < 16) {
|
||||
if (tag.size < 8) {
|
||||
DBG_WARNING("size too mall: %zu\n", tag.size);
|
||||
return -1;
|
||||
}
|
||||
@ -1014,9 +1014,14 @@ static ssize_t sl_unpack_cpx(DALLOC_CTX *query,
|
||||
if (sl_fm == NULL) {
|
||||
return -1;
|
||||
}
|
||||
result = sl_unpack(sl_fm, buf + offset, bufsize - offset );
|
||||
if (result == -1) {
|
||||
return -1;
|
||||
|
||||
if (tag.size >= 16) {
|
||||
result = sl_unpack(sl_fm,
|
||||
buf + offset,
|
||||
bufsize - offset );
|
||||
if (result == -1) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
result = dalloc_add(query, sl_fm, sl_filemeta_t);
|
||||
if (result != 0) {
|
||||
|
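Review bot: The relaxed lower bound `if (tag.size < 8)` combined with the new `if (tag.size >= 16)` guard lets sizes 9–15 through as an "empty" container, although the commit message states that the size is always a multiple of 8 and this value is read from the wire. Consider rejecting anything that violates that invariant at the first check, e.g. `if (tag.size < 8 || (tag.size % 8) != 0) {`, so a malformed tag fails here instead of being carried forward. Separately, `sl_unpack()` is still bounded by `bufsize - offset` rather than by `tag.size`; whether the declared container size is validated against the remaining buffer is not visible in these hunks, since sl_unpack_cpx starts and ends outside them. The context line `DBG_WARNING("size too mall: %zu\n", tag.size);` also carries a typo ("small") that makes the warning harder to grep for in logs.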