diff options
| author | Ralph Boehme <slow@samba.org> | 2018-11-06 13:24:14 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2018-11-16 11:31:10 +0100 |
| commit | 5420863dd11161e50163eb20b022994c229ff836 (patch) | |
| tree | 4f5feb8ba8b2f36cf69fb660f549ba39b3c199c6 /source3/modules/vfs_fruit.c | |
| parent | 4672656d9e1daadcf32ed95f05cf6bd4478d1f93 (diff) | |
| download | samba-5420863dd11161e50163eb20b022994c229ff836.tar.gz | |
vfs_fruit: validation of writes on AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a7c877847f855be5ee6673e541a181b818013abf)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Fri Nov 16 11:31:10 CET 2018 on sn-devel-144
Diffstat (limited to 'source3/modules/vfs_fruit.c')
| -rw-r--r-- | source3/modules/vfs_fruit.c | 67 |
1 files changed, 57 insertions, 10 deletions
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index e40194711b2..9d6efb2c38c 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -4638,27 +4638,67 @@ static ssize_t fruit_pwrite_meta(vfs_handle_struct *handle, { struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp); ssize_t nwritten; + uint8_t buf[AFP_INFO_SIZE]; + size_t to_write; + size_t to_copy; + int cmp; - if (n != AFP_INFO_SIZE || offset != 0) { - DBG_ERR("unexpected offset=%jd or size=%jd\n", - (intmax_t)offset, (intmax_t)n); + if (fio == NULL) { + DBG_ERR("Failed to fetch fsp extension"); return -1; } - if (fio == NULL) { - DBG_ERR("Failed to fetch fsp extension"); + if (n < 3) { + errno = EINVAL; return -1; } + if (offset != 0 && n < 60) { + errno = EINVAL; + return -1; + } + + cmp = memcmp(data, "AFP", 3); + if (cmp != 0) { + errno = EINVAL; + return -1; + } + + if (n <= AFP_OFF_FinderInfo) { + /* + * Nothing to do here really, just return + */ + return n; + } + + offset = 0; + + to_copy = n; + if (to_copy > AFP_INFO_SIZE) { + to_copy = AFP_INFO_SIZE; + } + memcpy(buf, data, to_copy); + + to_write = n; + if (to_write != AFP_INFO_SIZE) { + to_write = AFP_INFO_SIZE; + } + switch (fio->config->meta) { case FRUIT_META_STREAM: - nwritten = fruit_pwrite_meta_stream(handle, fsp, data, - n, offset); + nwritten = fruit_pwrite_meta_stream(handle, + fsp, + buf, + to_write, + offset); break; case FRUIT_META_NETATALK: - nwritten = fruit_pwrite_meta_netatalk(handle, fsp, data, - n, offset); + nwritten = fruit_pwrite_meta_netatalk(handle, + fsp, + buf, + to_write, + offset); break; default: @@ -4666,7 +4706,14 @@ static ssize_t fruit_pwrite_meta(vfs_handle_struct *handle, return -1; } - return nwritten; + if (nwritten != to_write) { + return -1; + } + + /* + * Return the requested amount, verified against macOS SMB server + */ + return n; } static ssize_t fruit_pwrite_rsrc_stream(vfs_handle_struct *handle, |