Bug 159019

Summary: Share names over 32 characters cause smbd trouble
Product: Red Hat Enterprise Linux 4 Reporter: Michael Brown <michael>
Component: sambaAssignee: Guenther Deschner <gdeschner>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: azelinka, diegoliz, dpal, gdeschner, samba-bugs-list
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Using a share name 24 to 32 characters long caused a string overflow. Share names are now permitted to be up to 32 characters long and string overflows no longer occur.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-11 11:26:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch from https://bugzilla.samba.org/show_bug.cgi?id=3703 none

Description Michael Brown 2005-05-27 20:08:19 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
I had a sharename of length 33 (yes, just over :). Windows clients (tested with XP only) that had the share mounted thought there were filename restrictions on the filesystem - it couldn't create anything other than 8.3 basic filenames. XP popped up with:

Title:Rename
Contents:The drive that this file or folder is stored on does not allow long file names, or names containing blanks or any of the following characters: \/:,;*?"<>|

In the samba logs, I see:
172.21.7.50.log:  ERROR: string overflow by 1 (24 - 23) in safe_strcpy [test1_2_
3_4_5_6_7_8_9_a_b_c_d_e_f]
172.21.7.50.log:  172.21.7.50 (172.21.7.50) connect to service test1_2_3_4_5_6_7
_8_9_a_b_c_d_e_f initially as user michaelb (uid=11865, gid=100) (pid 16033)
172.21.7.50.log:  172.21.7.50 (172.21.7.50) couldn't find service test1_2_3_4_5_
6_7_8_9_a_b_c_d_e_
172.21.7.50.log:  172.21.7.50 (172.21.7.50) couldn't find service test1_2_3_4_5_
6_7_8_9_a_b_c_d_e_

Note that the filesystem has to be mounted as a drive for it to fail - browsing by UNC pathname works, but still generates the string overflow log messages.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create a share of length >32
2. Mount it under XP
3. Try to create a filename with a space

Actual Results:  Error popup as described

Expected Results:  The file would be created

Additional info:

samba-3.0.10-1.4E
Also present in FC3
Comment 1 Diego Liziero 2007-04-24 07:32:02 UTC 
Created attachment 153332 [details]
patch from https://bugzilla.samba.org/show_bug.cgi?id=3703

The bug is still present in RHEL5. With share name from 24 up to 32 char the
following error appears:

smbd[8935]: [2007/04/21 10:00:06, 0] lib/util_str.c:safe_strcpy_fn(603) 
smbd[8935]:   ERROR: string overflow by 1 (24 - 23) in safe_strcpy
[very_long_hidden_share_name$]

This patch solves these issues with long share names.
Tested on samba-3.0.23c-2.el5.2.src.rpm

Please apply.

Regards,
Diego.
Comment 2 Dmitri Pal 2010-05-10 14:26:40 UTC 
Should be fixed in the latest 3.0.33 version.

Please add the test  and verify.
Comment 3 Diego Liziero 2010-05-11 10:32:55 UTC 
Verified, it works with the latest 3.0.33 version.
Thank you.
Comment 4 Guenther Deschner 2010-05-11 11:26:03 UTC 
Thanks for testing, closing this report.
Comment 6 Martin Prpič 2011-02-16 13:21:05 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Using a share name 24 to 32 characters long caused a string overflow. Share names are now permitted to be up to 32 characters long and string overflows no longer occur.