Bug 159019 - Share names over 32 characters cause smbd trouble
Summary: Share names over 32 characters cause smbd trouble
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Guenther Deschner
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-05-27 20:08 UTC by Michael Brown
Modified: 2011-02-16 13:21 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Using a share name 24 to 32 characters long caused a string overflow. Share names are now permitted to be up to 32 characters long and string overflows no longer occur.
Clone Of:
Environment:
Last Closed: 2010-05-11 11:26:03 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
patch from https://bugzilla.samba.org/show_bug.cgi?id=3703 (4.92 KB, patch)
2007-04-24 07:32 UTC, Diego Liziero
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0242 0 normal SHIPPED_LIVE samba bug fix and enhancement update 2011-02-15 16:34:56 UTC

Description Michael Brown 2005-05-27 20:08:19 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
I had a sharename of length 33 (yes, just over :). Windows clients (tested with XP only) that had the share mounted thought there were filename restrictions on the filesystem - it couldn't create anything other than 8.3 basic filenames. XP popped up with:

Title:Rename
Contents:The drive that this file or folder is stored on does not allow long file names, or names containing blanks or any of the following characters: \/:,;*?"<>|

In the samba logs, I see:
172.21.7.50.log:  ERROR: string overflow by 1 (24 - 23) in safe_strcpy [test1_2_
3_4_5_6_7_8_9_a_b_c_d_e_f]
172.21.7.50.log:  172.21.7.50 (172.21.7.50) connect to service test1_2_3_4_5_6_7
_8_9_a_b_c_d_e_f initially as user michaelb (uid=11865, gid=100) (pid 16033)
172.21.7.50.log:  172.21.7.50 (172.21.7.50) couldn't find service test1_2_3_4_5_
6_7_8_9_a_b_c_d_e_
172.21.7.50.log:  172.21.7.50 (172.21.7.50) couldn't find service test1_2_3_4_5_
6_7_8_9_a_b_c_d_e_

Note that the filesystem has to be mounted as a drive for it to fail - browsing by UNC pathname works, but still generates the string overflow log messages.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Create a share of length >32
2. Mount it under XP
3. Try to create a filename with a space

Actual Results:  Error popup as described

Expected Results:  The file would be created

Additional info:

samba-3.0.10-1.4E
Also present in FC3

Comment 1 Diego Liziero 2007-04-24 07:32:02 UTC
Created attachment 153332 [details]
patch from https://bugzilla.samba.org/show_bug.cgi?id=3703

The bug is still present in RHEL5. With share name from 24 up to 32 char the
following error appears:

smbd[8935]: [2007/04/21 10:00:06, 0] lib/util_str.c:safe_strcpy_fn(603) 
smbd[8935]:   ERROR: string overflow by 1 (24 - 23) in safe_strcpy
[very_long_hidden_share_name$]

This patch solves these issues with long share names.
Tested on samba-3.0.23c-2.el5.2.src.rpm

Please apply.

Regards,
Diego.

Comment 2 Dmitri Pal 2010-05-10 14:26:40 UTC
Should be fixed in the latest 3.0.33 version.

Please add the test  and verify.

Comment 3 Diego Liziero 2010-05-11 10:32:55 UTC
Verified, it works with the latest 3.0.33 version.
Thank you.

Comment 4 Guenther Deschner 2010-05-11 11:26:03 UTC
Thanks for testing, closing this report.

Comment 6 Martin Prpič 2011-02-16 13:21:05 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Using a share name 24 to 32 characters long caused a string overflow. Share names are now permitted to be up to 32 characters long and string overflows no longer occur.


Note You need to log in before you can comment on or make changes to this bug.