Post by Jeremy Allison
This patch fixes marshall_stream_info to overfill the buffer by 1
stream so that send_trans2_replies can properly detect the overflow
and return the correct status.
Any chance of a torture test for s4 smbtorture for this, Tim?
That way we'll never regress (hopefully).
I actually did write one, but ran into a few problems:
1. Samba 4's smbclient was having some issues when receiving a trans2
response with Data Count equal to the request's Max Data Count. This
caused the wrong error message to be passed up to smbtorture. A
Windows XP client had no problem receiving a response with Data Count
== Max Data Count, and was able to execute the buffer sizing algorithm
described in the comment against Samba.
2. I may have missed something, but I didn't see a way in Samba 4's
smbclient to set the Max Data Count. It appears to be hard coded to
64K. This prevented me from writing a torture test that really
reproduces what the Windows client does.
I didn't spend too much time tinkering with Samba 4's smbclient, but
if anyone is interested in looking, I attached the test. I'll try and
get to it after I get a few other higher priority items done.
Jeremy, speaking of RAW-STREAMS torture, how is the rename fix going?
I also wrote a rename torture test last week to reproduce that exact
bug :). I was about to get started on writing a fix when I saw that
you already wrote one :). Once you get RAW-STREAMS passing again,
I'll push any additions I have in my rename test.
-Tim
=46rom=20d9c89c3afdfd4ca3254f102b8b45c0d05d9f6d78=20Mon=20Sep=2017=20=
00:00:00=202001=0AFrom:=20Tim=20Prouty=20<***@samba.org>=0ADate:=20=
Tue,=2023=20Dec=202008=2011:18:17=20-0800=0ASubject:=20[PATCH]=20s4=20=
torture:=20Add=20large=20streaminfo=20buffer=20torture=20test=20to=20=
RAW-STREAMS=0A=0A---=0A=20source4/torture/raw/streams.c=20|=20=20=2078=20=
+++++++++++++++++++++++++++++++++++++++++=0A=201=20files=20changed,=2078=20=
insertions(+),=200=20deletions(-)=0A=0Adiff=20--git=20=
a/source4/torture/raw/streams.c=20b/source4/torture/raw/streams.c=0A=
index=20ba74530..c9c5c31=20100644=0A---=20=
a/source4/torture/raw/streams.c=0A+++=20b/source4/torture/raw/streams.c=0A=
@@=20-1113,6=20+1113,82=20@@=20done:=0A=20}=0A=20=0A=20=0A+static=20bool=20=
create_file_with_stream(struct=20torture_context=20*tctx,=0A+=09=09=09=09=
=20=20=20=20struct=20smbcli_state=20*cli,=0A+=09=09=09=09=20=20=20=20=
TALLOC_CTX=20*mem_ctx,=0A+=09=09=09=09=20=20=20=20const=20char=20=
*base_fname,=0A+=09=09=09=09=20=20=20=20const=20char=20*stream)=0A+{=0A+=09=
NTSTATUS=20status;=0A+=09bool=20ret=20=3D=20true;=0A+=09union=20smb_open=20=
io;=0A+=0A+=09/*=20Create=20a=20file=20with=20a=20stream=20*/=0A+=09=
io.generic.level=20=3D=20RAW_OPEN_NTCREATEX;=0A+=09=
io.ntcreatex.in.root_fid=20=3D=200;=0A+=09io.ntcreatex.in.flags=20=3D=20=
0;=0A+=09io.ntcreatex.in.access_mask=20=3D=20=
(SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA|=0A+=09=20=20=20=20=
SEC_FILE_APPEND_DATA|SEC_STD_READ_CONTROL);=0A+=09=
io.ntcreatex.in.create_options=20=3D=200;=0A+=09=
io.ntcreatex.in.file_attr=20=3D=20FILE_ATTRIBUTE_NORMAL;=0A+=09=
io.ntcreatex.in.share_access=20=3D=200;=0A+=09io.ntcreatex.in.alloc_size=20=
=3D=200;=0A+=09io.ntcreatex.in.open_disposition=20=3D=20=
NTCREATEX_DISP_CREATE;=0A+=09io.ntcreatex.in.impersonation=20=3D=20=
NTCREATEX_IMPERSONATION_ANONYMOUS;=0A+=09io.ntcreatex.in.security_flags=20=
=3D=200;=0A+=09io.ntcreatex.in.fname=20=3D=20stream;=0A+=0A+=09status=20=
=3D=20smb_raw_open(cli->tree,=20mem_ctx,=20&io);=0A+=09=
CHECK_STATUS(status,=20NT_STATUS_OK);=0A+=0A+=20done:=0A+=09=
smbcli_close(cli->tree,=20io.ntcreatex.out.file.fnum);=0A+=09return=20=
ret;=0A+}=0A+=0A+/*=20Test=20streaminfo=20with=20enough=20streams=20on=20=
a=20file=20to=20fill=20up=20the=20buffer.=20=20*/=0A+static=20bool=20=
test_stream_large_streaminfo(struct=20torture_context=20*tctx,=0A+=09=09=09=
=09=09=20struct=20smbcli_state=20*cli,=0A+=09=09=09=09=09=20TALLOC_CTX=20=
*mem_ctx)=0A+{=0A+#define=20LONG_STREAM_SIZE=20200=0A+=09char=20=
*lstream_name;=0A+=09const=20char=20*fname=20=3D=20BASEDIR=20=
"\\stream.txt";=0A+=09const=20char=20*fname_stream;=0A+=09NTSTATUS=20=
status;=0A+=09bool=20ret=20=3D=20true;=0A+=09int=20i;=0A+=09union=20=
smb_fileinfo=20finfo;=0A+=0A+=09lstream_name=20=3D=20=
talloc_array(mem_ctx,=20char,=20LONG_STREAM_SIZE);=0A+=0A+=09for=20(i=20=
=3D=200;=20i=20<=20LONG_STREAM_SIZE=20-=201;=20i++)=20{=0A+=09=09=
lstream_name[i]=20=3D=20(char)('a'=20+=20i%26);=0A+=09}=0A+=09=
lstream_name[LONG_STREAM_SIZE=20-=201]=20=3D=20'\0';=0A+=0A+=09=
printf("(%s)=20Creating=20a=20file=20with=20a=20lot=20of=20streams\n",=20=
__location__);=0A+=09for=20(i=20=3D=200;=20i=20<=20150;=20i++)=20{=0A+=09=
=09fname_stream=20=3D=20talloc_asprintf(mem_ctx,=20"%s:%s%d",=20fname,=0A=
+=09=09=09=09=09=20=20=20=20=20=20=20lstream_name,=20i);=0A+=09=09ret=20=
=3D=20create_file_with_stream(tctx,=20cli,=20mem_ctx,=20fname,=0A+=09=09=09=
=09=09=20=20=20=20=20=20fname_stream);=0A+=09=09if=20(!ret)=20{=0A+=09=09=
=09goto=20done;=0A+=09=09}=0A+=09}=0A+=0A+=09finfo.generic.level=20=3D=20=
RAW_FILEINFO_STREAM_INFO;=0A+=09finfo.generic.in.file.path=20=3D=20=
fname;=0A+=0A+=09status=20=3D=20smb_raw_pathinfo(cli->tree,=20mem_ctx,=20=
&finfo);=0A+=09CHECK_STATUS(status,=20STATUS_BUFFER_OVERFLOW);=0A+=0A+=20=
done:=0A+=09smbcli_unlink(cli->tree,=20fname);=0A+=09return=20ret;=0A+}=0A=
+=0A=20/*=20=0A=20=20=20=20basic=20testing=20of=20streams=20calls=0A=20=
*/=0A@@=20-1140,6=20+1216,8=20@@=20bool=20torture_raw_streams(struct=20=
torture_context=20*torture,=0A=20=09if=20(!torture_setting_bool(torture,=20=
"samba4",=20false))=20{=0A=20=09=09ret=20&=3D=20=
test_stream_delete(torture,=20cli,=20torture);=0A=20=09}=0A+=09ret=20&=3D=20=
test_stream_large_streaminfo(torture,=20cli,=20torture);=0A+=09=
smb_raw_exit(cli->session);=0A=20=0A=20=09smb_raw_exit(cli->session);=0A=20=
=09smbcli_deltree(cli->tree,=20BASEDIR);=0A--=20=0A1.6.0=0A=0A=
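Review bot: In create_file_with_stream (first hunk), the done: path calls smbcli_close(cli->tree, io.ntcreatex.out.file.fnum) even when smb_raw_open failed, assuming CHECK_STATUS jumps to done on a mismatch as the label implies; in that case the out fields were never filled in and fnum is read uninitialized. Close only when the open succeeded. The base_fname parameter is never used and can be dropped, and in test_stream_large_streaminfo the results of talloc_array and talloc_asprintf are used without a NULL check. A short comment saying why 150 streams with names built from LONG_STREAM_SIZE are enough to overflow the reply buffer would help, since the expected STATUS_BUFFER_OVERFLOW depends on it.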
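Review bot: In the torture_raw_streams hunk, the added smb_raw_exit(cli->session) sits directly before the existing smb_raw_exit(cli->session), so the session exit now runs twice back to back; drop the added call. The new test_stream_large_streaminfo call is also placed outside the torture_setting_bool(torture, "samba4", false) guard that wraps test_stream_delete just above it, so it runs against every target; if that is intended, a comment saying so would make it clear.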