diff options
| author | Alexander Bokovoy <ab@samba.org> | 2004-03-12 14:37:37 +0000 |
|---|---|---|
| committer | Alexander Bokovoy <ab@samba.org> | 2004-03-12 14:37:37 +0000 |
| commit | 6011a89e240ba8a51163baee51da98d2b32ab98c (patch) | |
| tree | 1c1208b2cbc02c4b8a30a1d180e38d877cc0f7cd /source3/smbd | |
| parent | 82053806f5fa66cfd47288997df7351284f6e096 (diff) | |
| download | samba-6011a89e240ba8a51163baee51da98d2b32ab98c.tar.gz samba-6011a89e240ba8a51163baee51da98d2b32ab98c.tar.bz2 samba-6011a89e240ba8a51163baee51da98d2b32ab98c.zip | |
Fix problems with very long filenames in both smbd and smbclient.
It appears that we pass filename through resolve_wildcards() as pstring and use fstring temporary buffer there.
As result, a long filename in unix charset (UTF-8 by default) can easily expand over 255 bytes while
Windows is able to send to us such names (e.g. Japanese name of ~190 mb chars) which we unable to process through
this small fstring buffer. Tested with W2K and smbclient, Japanese and Cyrillics.
(This used to be commit 83dac6571f99b854ac607d4313cc3f742c1fae2e)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/reply.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 4a0c06f442..aeac9e4c84 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -3361,14 +3361,18 @@ int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, /******************************************************************* Resolve wildcards in a filename rename. + Note that name is in UNIX charset and thus potentially can be more + than fstring buffer (255 bytes) especially in default UTF-8 case. + Therefore, we use pstring inside and all calls should ensure that + name2 is at least pstring-long (they do already) ********************************************************************/ static BOOL resolve_wildcards(const char *name1, char *name2) { - fstring root1,root2; - fstring ext1,ext2; + pstring root1,root2; + pstring ext1,ext2; char *p,*p2, *pname1, *pname2; - int available_space; + int available_space, actual_space; pname1 = strrchr_m(name1,'/'); @@ -3377,21 +3381,21 @@ static BOOL resolve_wildcards(const char *name1, char *name2) if (!pname1 || !pname2) return(False); - fstrcpy(root1,pname1); - fstrcpy(root2,pname2); + pstrcpy(root1,pname1); + pstrcpy(root2,pname2); p = strrchr_m(root1,'.'); if (p) { *p = 0; - fstrcpy(ext1,p+1); + pstrcpy(ext1,p+1); } else { - fstrcpy(ext1,""); + pstrcpy(ext1,""); } p = strrchr_m(root2,'.'); if (p) { *p = 0; - fstrcpy(ext2,p+1); + pstrcpy(ext2,p+1); } else { - fstrcpy(ext2,""); + pstrcpy(ext2,""); } p = root1; @@ -3423,7 +3427,11 @@ static BOOL resolve_wildcards(const char *name1, char *name2) available_space = sizeof(pstring) - PTR_DIFF(pname2, name2); if (ext2[0]) { - snprintf(pname2, available_space - 1, "%s.%s", root2, ext2); + actual_space = snprintf(pname2, available_space - 1, "%s.%s", root2, ext2); + if (actual_space >= available_space - 1) { + DEBUG(1,("resolve_wildcards: can't fit resolved name into specified buffer (overrun by %d bytes)\n", + actual_space - available_space)); + } } else { pstrcpy_base(pname2, root2, name2); } |