author | Jeremy Allison <jra@samba.org> | 1998-06-03 01:04:45 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-06-03 01:04:45 +0000 |
commit | c435955b02c7fc227b9475ff73c62e080d34a1af (patch) | |
tree | 003f5151fe56470a87f0d97e56eaea2d3b4d1473 /source3/smbd/ipc.c | |
parent | 1714adc7985e0c71d0ec046f727c239dfa33b2af (diff) | |
ipc.c: Fix bug where we don't return the correct error code when client
gives a too-small buffer for share info. Fix from Gil Kloepfer <gil@arlut.utexas.edu>
smb.h:
server.c: Fix for a nasty little security problem with multi-user Windows NT
servers and Samba where the contents of the open-file cache can end
up being served out to users who shouldn't have access. This is some
*seriously* ugly code.
Jeremy.
(This used to be commit 05c85df3c7da982085615e5a1db6c71e164db4f5)
Diffstat (limited to 'source3/smbd/ipc.c')
-rw-r--r-- | source3/smbd/ipc.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 132fdb30ef..8def6d4908 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1504,6 +1504,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data,
 char *p2;
 int count=lp_numservices();
 int total=0,counted=0;
+ BOOL missed = False;
 int i;
 int data_len, fixed_len, string_len;
 int f_len = 0, s_len = 0;
@@ -1514,16 +1515,18 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data,
 data_len = fixed_len = string_len = 0;
 for (i=0;i<count;i++)
 if (lp_browseable(i) && lp_snum_ok(i))
+ {
+ total++;
+ data_len += fill_share_info(cnum,i,uLevel,0,&f_len,0,&s_len,0);
+ if (data_len <= buf_len)
 {
- total++;
- data_len += fill_share_info(cnum,i,uLevel,0,&f_len,0,&s_len,0);
- if (data_len <= buf_len)
- {
- counted++;
- fixed_len += f_len;
- string_len += s_len;
- }
+ counted++;
+ fixed_len += f_len;
+ string_len += s_len;
 }
+ else
+ missed = True;
+ }
 *rdata_len = fixed_len + string_len;
 *rdata = REALLOC(*rdata,*rdata_len);
 memset(*rdata,0,*rdata_len);
@@ -1539,7 +1542,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data,
 *rparam_len = 8;
 *rparam = REALLOC(*rparam,*rparam_len);
- SSVAL(*rparam,0,NERR_Success);
+ SSVAL(*rparam,0,missed ? ERROR_MORE_DATA : NERR_Success);
 SSVAL(*rparam,2,0);
 SSVAL(*rparam,4,counted);
 SSVAL(*rparam,6,total); |
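Review bot: The `REALLOC` results next to the new code are used without a NULL check: after the reworked loop `*rdata` goes straight into `memset(*rdata,0,*rdata_len)`, and in the third hunk `*rparam` goes straight into the `SSVAL` writes. The case this commit targets makes the first one easier to reach, because when the client's buffer fits no share at all `counted` stays 0 and `*rdata_len` is 0, so the pointer handed to `memset` depends on what `REALLOC` does for a zero size, which is not visible here. I would guard both, e.g. `if (*rdata_len && !*rdata) return(False);` before the `memset` and `if (!*rparam) return(False);` before the first `SSVAL`, assuming `False` is how this handler reports failure to its caller. The body of api_RNetShareEnum starts and ends outside these hunks.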
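Review bot: The `missed` flag looks redundant with the two counters that are already returned to the client. In the second hunk every share increments `total` and then either increments `counted` or sets `missed`, so `missed` is true exactly when `counted < total`, provided the lines between the hunks (not shown) leave both counters alone. The status word could be written as `SSVAL(*rparam,0,counted < total ? ERROR_MORE_DATA : NERR_Success);`, which keeps the error code from drifting apart from the counts stored at offsets 4 and 6. Either way, a short comment above it such as `/* at least one share did not fit in the client's buffer */` would make the intent clear to the next reader.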