The branch, master has been updated
       via  4e36eec2445 fruit: fixup size_t overflow check
       via  ab4d68fc92e s3:vfs_fruit: Fix crash for nbands == 0
       via  05d79abdc01 torture:fruit: Test timemachine for 0 bands
      from  5a560ba4896 include <grp.h> for setgroups in a few places

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4e36eec244507430991971466d79891e7fd3a7d7
Author: Michael Tokarev <[email protected]>
Date:   Thu Nov 17 23:51:03 2022 +0300

    fruit: fixup size_t overflow check
    
    https://bugzilla.samba.org/show_bug.cgi?id=13622 .
    The check ('bandsize > SIZE_MAX/nbands') is wrong, since
    it caps the total size to the wrong data type size_t
    instead of off_t -- samba is always built with LFS support
    so off_t is always 64bits, while size_t is 32bits on a
    32bit platform.  This has caused issues already, capping
    size of the bands: https://bugs.debian.org/974868 .
    
    Since there's another overflow check already, let's just
    fold this one to the following one and log a more complete
    error message.
    
    Signed-off-by: Michael Tokarev <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    Reviewed-by: Pavel Filipenský <[email protected]>
    
    Autobuild-User(master): Pavel Filipensky <[email protected]>
    Autobuild-Date(master): Sat Jan  4 20:47:35 UTC 2025 on atb-devel-224

commit ab4d68fc92e9160e8917edba72f5838023cedaa5
Author: Pavel Filipenský <[email protected]>
Date:   Thu Jan 2 18:25:22 2025 +0100

    s3:vfs_fruit: Fix crash for nbands == 0
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>

commit 05d79abdc01dc58e19e62a9a6d047b3344409115
Author: Pavel Filipenský <[email protected]>
Date:   Thu Jan 2 18:32:40 2025 +0100

    torture:fruit: Test timemachine for 0 bands
    
    Signed-off-by: Pavel Filipenský <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_fruit.c | 25 +++++++++----------------
 source4/torture/vfs/fruit.c | 15 ++++++++++++---
 2 files changed, 21 insertions(+), 19 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 9d1e8badd61..39deb16105d 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -5213,7 +5213,7 @@ static bool fruit_get_num_bands(vfs_handle_struct *handle,
        TALLOC_FREE(bands_dir);
 
        *_nbands = nbands;
-       return true;
+       return nbands > 0;
 }
 
 static bool fruit_tmsize_do_dirent(vfs_handle_struct *handle,
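Review bot: the changed return statement, "return nbands > 0;", gives the bool result a second meaning without documenting it: false now also reports "no bands found", and *_nbands is still written with 0 on the line just before. Please add a comment at the return (or on the function) stating that an empty bands directory is reported as failure, or keep "return true" and have the caller test nbands == 0 explicitly, so that a later reader does not treat the output parameter as valid on a false return or remove the guard as redundant. The commit message for this change has no body, so the reason for the crash is recorded nowhere; a sentence naming what is done with nbands when it is 0 would help.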
@@ -5260,22 +5260,15 @@ static bool fruit_tmsize_do_dirent(vfs_handle_struct 
*handle,
                return true;
        }
 
-       /*
-        * Arithmetic on 32-bit systems may cause overflow, depending on
-        * size_t precision. First we check its unlikely, then we
-        * force the precision into target off_t, then we check that
-        * the total did not overflow either.
-        */
-       if (bandsize > SIZE_MAX/nbands) {
-               DBG_ERR("tmsize potential overflow: bandsize [%zu] nbands 
[%zu]\n",
-                       bandsize, nbands);
-               return false;
-       }
        tm_size = (off_t)bandsize * (off_t)nbands;
-
-       if (state->total_size + tm_size < state->total_size) {
-               DBG_ERR("tm total size overflow: bandsize [%zu] nbands [%zu]\n",
-                       bandsize, nbands);
+       if (tm_size / nbands != bandsize ||
+           state->total_size + tm_size < state->total_size)
+       {
+               DBG_ERR("tm size overflow: total_size [%jd]"
+                       " bandsize [%zu] nbands [%zu]\n",
+                       (intmax_t)state->total_size,
+                       bandsize,
+                       nbands);
                return false;
        }
 
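Review bot: the folded check in "if (tm_size / nbands != bandsize || ..." runs after "tm_size = (off_t)bandsize * (off_t)nbands;" has already multiplied two signed off_t values, and signed overflow is undefined behaviour in C, so a compiler is allowed to assume the product did not wrap and drop the division test. The same applies to "state->total_size + tm_size < state->total_size" if total_size is a signed type, which the (intmax_t) cast and %jd in the new DBG_ERR suggest. Test before the arithmetic instead: compare bandsize against the maximum off_t value divided by nbands, and tm_size against that maximum minus state->total_size, or use a checked multiply/add helper. Note also that "tm_size / nbands" divides by nbands, so this hunk depends on the caller never passing nbands == 0; a short comment saying so, or an explicit early return here, would keep the two changes from silently drifting apart.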
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index c748326483a..6bad4e409c6 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -8125,15 +8125,24 @@ static bool test_timemachine_volsize(struct 
torture_context *tctx,
        torture_assert_ntstatus_ok_goto(tctx, status, ok, done,
                                        "smb2_util_mkdir\n");
 
+       status = smb2_util_roothandle(tree, &h);
+       torture_assert_ntstatus_ok(tctx, status, "Unable to create root 
handle");
+
+       /* Test that smbd does not crash if number of bands is 0 */
+       ZERO_STRUCT(fsinfo);
+       fsinfo.generic.level = RAW_QFS_SIZE_INFORMATION;
+       fsinfo.generic.handle = h;
+
+       status = smb2_getinfo_fs(tree, tree, &fsinfo);
+       torture_assert_ntstatus_ok(tctx, status, "smb2_getinfo_fs failed");
+
+       /* Setup 2 bands and test again */
        ok = torture_setup_file(tctx, tree, "test.sparsebundle/bands/1", false);
        torture_assert_goto(tctx, ok, ok, done, "torture_setup_file failed\n");
 
        ok = torture_setup_file(tctx, tree, "test.sparsebundle/bands/2", false);
        torture_assert_goto(tctx, ok, ok, done, "torture_setup_file failed\n");
 
-       status = smb2_util_roothandle(tree, &h);
-       torture_assert_ntstatus_ok(tctx, status, "Unable to create root 
handle");
-
        ZERO_STRUCT(fsinfo);
        fsinfo.generic.level = RAW_QFS_SIZE_INFORMATION;
        fsinfo.generic.handle = h;
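Review bot: the new zero-band block checks its results with torture_assert_ntstatus_ok(tctx, status, "smb2_getinfo_fs failed") and the moved root-handle check uses the same non-goto form, while the setup just above and below uses torture_assert_ntstatus_ok_goto / torture_assert_goto with the "done" label. A failure here would therefore leave the test without passing through "done", after the directory has been created and the handle h opened; switching both to the _goto variant with ok and done keeps cleanup consistent. The zero-band case also asserts only that the call returns success. If the point is more than "smbd does not crash", consider asserting something about the returned fsinfo for an empty bands directory as well, so the expected behaviour is pinned down by the test.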


-- 
Samba Shared Repository
