Just Installed 3.0.5rc1 and the problem persists unfortunately, heres a sample of my log : wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:03 mandrake1 nss_wins[15212]: ERROR: string overflow by 1 (9 - 8) in safe_strcpy [TAENO~EI.PDF] Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:03 mandrake1 nss_wins[15212]: ERROR: string overflow by 1 (16 - 15) in safe_strcpy [taeno_checklist.pdf] Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:03 mandrake1 nss_wins[15212]: ERROR: string overflow by 1 (9 - 8) in safe_strcpy [TAENO~M9.PDF] Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:03 mandrake1 nss_wins[15212]: ERROR: string overflow by 1 (16 - 15) in safe_strcpy [taeno_effective.pdf] Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:03 mandrake1 nss_wins[15212]: ERROR: string overflow by 1 (9 - 8) in safe_strcpy [TAENO~K1.PDF] Jul 12 12:31:03 mandrake1 nss_wins[15212]: [2004/07/12 12:31:03, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:03 mandrake1 nss_wins[15212]: ERROR: string overflow by 1 (16 - 15) in safe_strcpy [taeno_structure.pdf] Jul 12 12:31:09 mandrake1 nss_wins[15215]: [2004/07/12 12:31:09, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:09 mandrake1 nss_wins[15215]: ERROR: string overflow by 1 (9 - 8) in safe_strcpy [INITC~FJ.BAK] Jul 12 12:31:09 mandrake1 nss_wins[15215]: [2004/07/12 12:31:09, 0] lib/util_str.c:safe_strcpy_fn(600) Jul 12 12:31:09 mandrake1 nss_wins[15215]: ERROR: string overflow by 1 (7 - 6) in safe_strcpy [INIT.C.bak] i also get these errors ocasionaly wins[15421]: [2004/07/12 12:37:19, 0] smbd/service.c:make_connection_snum(535) Jul 12 12:37:19 mandrake1 nss_wins[15421]: Can't become connected user! my .conf remains the same as before. If you need anything else just let me know. see the thread ( String overflow in safe_strcpy ) for history Cheers, Carl Matthews Jeremy Allison wrote: > On Tue, Jun 29, 2004 at 09:13:05AM +0100, Carl Matthews wrote: > >> Also i've just noticed the errors never occur for directorys but only for files longer than the 8.3. Which again suggests an error in the hash mangling method. > > > > Here's the fix. Incorrect use of safe_strcpy (memcpy should be used instead). > > Jeremy. > > > ------------------------------------------------------------------------ > > Index: smbd/mangle_hash.c > ================================================================== > --- smbd/mangle_hash.c (revision 1298) > +++ smbd/mangle_hash.c (working copy) > @@ -546,8 +546,10 @@ > /* Fill the new cache entry, and add it to the cache. */ > s1 = (char *)(new_entry + 1); > s2 = (char *)&(s1[mangled_len + 1]); > - safe_strcpy( s1, mangled_name, mangled_len ); > - safe_strcpy( s2, raw_name, raw_len ); > + memcpy( s1, mangled_name, mangled_len ); > + s1[mangled_len] = '\0'; > + memcpy( s2, raw_name, raw_len ); > + s2[raw_len] = '\0'; > ubi_cachePut( mangled_cache, i, new_entry, s1 ); > } > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Hi, I've built Samva 3.0.4 on Solaris 8 (after removing '/usr/ucb' from the path); 'nmbd' seems to work, but 'smbd' fails with: [2004/07/09 17:42:01, 2] lib/dmallocmsg.c:(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2004/07/09 17:42:02, 2] smbd/tdbutil.c:(42) tdb(/usr/local/samba/var/locks/sessionid.tdb): tdb_mmap failed for size 696 (Resource temporarily unavailable) [2004/07/09 17:42:02, 2] smbd/tdbutil.c:(42) tdb(/usr/local/samba/var/locks/connections.tdb): tdb_mmap failed for size 696 (Resource temporarily unavailable) [2004/07/09 17:42:02, 2] smbd/tdbutil.c:(42) tdb(/usr/local/samba/var/locks/brlock.tdb): tdb_mmap failed for size 696 (Resource temporarily unavailable) [2004/07/09 17:42:02, 2] smbd/tdbutil.c:(42) tdb(/usr/local/samba/var/locks/locking.tdb): tdb_mmap failed for size 696 (Resource temporarily unavailable) ... [2004/07/09 17:42:02, 2] smbd/tdbutil.c:(42) tdb(/usr/local/samba/var/locks/printing/printers.tdb): tdb_mmap failed for size 49152 (Resource temporarily unavailable) [2004/07/09 17:42:13, 2] smbd/tdbutil.c:(42) tdb(/usr/local/samba/var/locks/printing/printers.tdb): tdb_mmap failed for size 57344 (Resource temporarily unavailable) [2004/07/09 17:42:13, 0] lib/util.c:(1398) PANIC: i/o error on tdb. Files in question are NFS mounted (with 'root' access) if that matters, as I am trying this out on a test machine, not our real SMB system which is still running Solaris NetLink (on a different domain name). Any help appreciated! Mike. -- Mike Peterson -- Network Security Specialist -- U/Toronto Network Operations E-mail: mikep@noc.utoronto.ca WWW: http://www.noc.utoronto.ca/ Tel: 416-978-5230 Fax: 416-971-1362
On Wed, Jul 14, 2004 at 11:03:26PM +0100, Carl wrote:> Just Installed 3.0.5rc1 and the problem persists unfortunately,Ok, can you give me the smb.conf file and the directory and filenames you're using. I'll see if I can reproduce with the latest SVN code. Thanks, Jeremy.
Jeremy Allison
2004-Jul-20 22:18 UTC
[Samba] Re: String overflow in safe_strcpy - bug in documentation
On Tue, Jul 20, 2004 at 09:51:25PM +0200, Thomas Bork wrote:> Herb Lewis schrieb: > > >you can change "mangle prefix" to specify the number of characters you > >want to stay the same. Just remember the more letters that remain the > >same the more likely you will get a collision and slow things down. > > http://de.samba.org/samba/docs/man/smb.conf.5.html > > mangling method (G) > controls the algorithm used for the generating the mangled names. Can > take two different values, "hash" and "hash2". "hash" is the default and > ^^^^^^^^^^^^^^^^^^^^ > is the algorithm that has been used in Samba for many years. "hash2" is > a newer and considered a better algorithm (generates less collisions) in > the names. However, many Win32 applications store the mangled names and > so changing to the new algorithm must not be done lightly as these > applications may break unless reinstalled. > > Default: mangling method = hash2 > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Example: mangling method = hash > > > But: > "hash" is not the default (this was in 2.2.x)Fixed in the SVN docs - thanks a *lot* ! Jeremy.
Carl Matthews
2004-Jul-26 09:21 UTC
[Samba] Re: String overflow in safe_strcpy - bug in documentation
Hi Jeremy, Ive been checking the svn for mangling fixes but didnt see any should i just add it to bugzilla so it theres a record of it? Cheers Carl.> On Tue, Jul 20, 2004 at 09:51:25PM +0200, Thomas Bork wrote: > >>Herb Lewis schrieb: >> >> >>>you can change "mangle prefix" to specify the number of characters you >>>want to stay the same. Just remember the more letters that remain the >>>same the more likely you will get a collision and slow things down. >> >>http://de.samba.org/samba/docs/man/smb.conf.5.html >> >>mangling method (G) >>controls the algorithm used for the generating the mangled names. Can >>take two different values, "hash" and "hash2". "hash" is the default and >> ^^^^^^^^^^^^^^^^^^^^ >>is the algorithm that has been used in Samba for many years. "hash2" is >>a newer and considered a better algorithm (generates less collisions) in >>the names. However, many Win32 applications store the mangled names and >>so changing to the new algorithm must not be done lightly as these >>applications may break unless reinstalled. >> >>Default: mangling method = hash2 >>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >>Example: mangling method = hash >> >> >>But: >>"hash" is not the default (this was in 2.2.x) > > > Fixed in the SVN docs - thanks a *lot* ! > > Jeremy.