mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

28 Commits

Author SHA1 Message Date
Jeremy Allison
33f88abe6b s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.
Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Nov 21 19:42:22 CET 2017 on sn-devel-144
2017-11-21 19:42:22 +01:00
Richard Sharpe
6abd986704 Convert all uses of uint8/16/32 to _t in source3/smbd.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-06 04:14:14 +02:00
Jeremy Allison
0519088c53 s3: smbd: Change the function signature of srvstr_push() from returning a length to returning an NTSTATUS with a length param.
srvstr_push_fn() now returns an NTSTATUS reporting any
string conversion failure.

We need to get serious about returning character set conversion errors
inside smbd.

Bug 10775 - smbd crashes when accessing garbage filenames

https://bugzilla.samba.org/show_bug.cgi?id=10775

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-09-16 01:56:54 +02:00
Jeremy Allison
5c7e272190 s3: smbd: srvstr_push() was changed to never return -1, so don't check for that as an error.
Bug 10775 - smbd crashes when accessing garbage filenames

https://bugzilla.samba.org/show_bug.cgi?id=10775

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-09-16 01:56:54 +02:00
Andrew Bartlett
73b377432c s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.

Andrew Bartlett
2011-06-09 12:40:08 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Andrew Bartlett
1923b78209 s3-lib Remove the clobber_region() code.
This code wrote to the full buffer in fstrcpy(), pstrcpy() and other
fixed-length string manipulation functions.

The hope of this code was to find out at run time if we were mixing up
pstring and fstring etc, and to record where this came from.  It has a
runtime performance impact (particularly if compiled with
--enable-developer).

It is being removed because of the complexity it adds, and the
distinct lack of bugs that this complexity has been credited in
finding.

The macro-based compile-time checking of string sizes remains.

Andrew Bartlett
2011-03-23 12:49:39 +11:00
Andrew Bartlett
4786a493f7 Solve some of the conflict between Samba3 and Samba4 push_string
This renames push_string in Samba3 into push_string_base and
push_string_check for the two different use cases.

This should allow push_string to be imported from Samba4, using its
calling conventions.
2009-04-14 12:11:00 +10:00
Stefan Metzmacher
3dde0cbb76 s3:smbd: move all globals and static variables in globals.[ch]
The goal is to move all these variables into a big context structure.

metze
2009-01-08 12:22:21 +01:00
Jeremy Allison
6ff701e695 Match the 3.0.27a version of this function.
Jeremy.
(This used to be commit 629406cbe7)
2007-11-16 13:14:24 -08:00
Gerald (Jerry) Carter
e5a951325a [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.
(This used to be commit 5c6c8e1fe9)
2007-10-10 15:34:30 -05:00
Volker Lendecke
b62bd05b93 r24133: Explicitly pass flags2 down to push_string_fn
This needs a bit closer review, it also touches the client libs
(This used to be commit 824eb26738)
2007-10-10 12:29:10 -05:00
Volker Lendecke
6c6fed5e65 r24130: Explicitly pass flags2 to srvstr_push
This is in preparation of the trans2 conversion: srvstr_push should not
look at inbuf directly.
(This used to be commit 5fd7e6a382)
2007-10-10 12:29:09 -05:00
Volker Lendecke
944fe69d03 r24000: Add message_push_blob() and message_push_string().
The proposed new API convention is to start with a 0 bcc length and then
push things step by step. These routines reallocate the outbuf and
adjust the length and bcc fields as necessary.
(This used to be commit 624f1fe4f6)
2007-10-10 12:28:54 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Andrew Bartlett
1f499a79f5 (merge from HEAD)
Small cleanup patches:
 - safe_string.h - don't assume that __FUNCTION__ is available
 - process.c - use new workaround from safe_string.h for the same
 - util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
 - gencache.c - Keep valgrind quiet by always null terminating.
 - clistr.c - Add copyright
 - srvstr.h - move srvstr_push into a .c file again, as a real function.
 - srvstr.c - revive, with 'safe' checked srvstr_push
 - loadparm.c - set a default for the display charset.

 - connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddb)
2003-03-22 13:47:42 +00:00
Andrew Bartlett
d5ee9b2f48 Jeremy merged across my string paranoia fixes, but forgot to enable them! :-)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.

Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().

Andrew Bartlett
(This used to be commit c5b604e2ee)
2003-03-18 11:22:52 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Tridgell
87fbb7092b The big character set handling changeover!
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
2001-07-04 07:15:53 +00:00
Andrew Tridgell
4ff011d88e Added STR_NOALIGN flags to clistr and srvstr fns. Yes, NT actually does
send unaligned unicode strings sometimes!
Fixed our handling of the workgroup name tacked on the end of the
NT1 negprot response (an unaligned unicode)
fixed a couple of places where we should be using the message_end fns instead
of pre-calculated buffer lengths
(This used to be commit 86613493a9)
2001-06-21 05:38:28 +00:00
Andrew Tridgell
578a9fabfb started converting some of the only-ascii code to use srvstr_*
added srvstr_push_ascii() and srvstr_pull_ascii() as convenience
routines to replace the current usage of strncpy() like fns
for packet pull/push. We need to do this in *lots* of places
in Samba in order to get our codepage handling right
(This used to be commit 8b0e3679a6)
2001-03-31 13:48:24 +00:00
Andrew Tridgell
cf313f6232 fixed some compilation errors with IRIX cc
(This used to be commit e430ded56e)
2001-03-18 22:47:17 +00:00
Andrew Tridgell
fbab616c14 don't need srvstr_push_size or srvstr_pull_size
(This used to be commit d5b39a1d43)
2001-03-14 12:45:46 +00:00
Andrew Tridgell
ff0462cde8 simpler and more correct srvstr_push()
it now uses outbuf not inbuf for the unicode flag, which
allows for some server fns to be ascii and means one less
parameter in push calls
(This used to be commit a6dd666226)
2001-03-13 22:00:46 +00:00
Andrew Tridgell
26f63881e2 added STR_ASCII flag to srvstr_pull()
(This used to be commit e54d379030)
2001-03-13 03:45:29 +00:00
Andrew Tridgell
b08b70faf8 started support for unicode on the wire in smbd. Using a very similar
method to what was used in the client I now have session setup and
tconx working.

Currently this is enabled with SMBD_USE_UNICODE environment
variable. Once the code is complete this will become a smb.conf
option.
(This used to be commit 7684c1e672)
2001-03-10 11:38:27 +00:00