This is how a correct dump of an empty sl_filemeta_t container should look:
DALLOC_CTX(#1): {
sl_array_t(#3): {
uint64_t: 0x0023
CNIDs: unkn1: 0x0, unkn2: 0x0
DALLOC_CTX(#0): {
}
sl_filemeta_t(#0): {
}
}
}
This is basically the response from macOS mdssvc for a query that yields no
results: sl_filemeta_t is empty, the CNIDs array as well.
Looking at the raw packet data, the empty sl_filemeta_t container has a size of 8
bytes, which fails the following check in sl_unpack_cpx():
case SQ_CPX_TYPE_FILEMETA:
...
if (tag.size < 16) {
*boom*
}
Only tag.size=0 is invalid, tag.size=8 denotes an empty container and tag.size>=16
denotes a sl_filemeta_t container with actual content that must be unpacked by
calling sl_unpack(). Note that size is always a multiple of 8.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
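The size rules the commit message lays out (0 invalid, 8 empty, >=16 content, always a multiple of 8) can be written down as a small classification routine. The following is an added, stand-alone illustration written for this page; it is not Samba code and does not parse the real Spotlight RPC tag encoding. It models the old check beside the fixed one so the regression is visible: the old `< 16` test rejects the legitimate 8-byte empty container that a query with no results produces. The explicit multiple-of-8 check is an assumption added here that the patch itself does not make.

```c
#include <stddef.h>
#include <stdio.h>

/* Classification of an sl_filemeta_t tag size, following the rules stated in
 * the commit message: 0 is invalid, 8 is an empty container, >= 16 carries
 * content that sl_unpack() must parse. Sizes are always a multiple of 8. */
enum filemeta_size_class {
	FILEMETA_INVALID = 0,
	FILEMETA_EMPTY,
	FILEMETA_CONTENT,
};

/* The check as it stood before the fix: anything below 16 is rejected, so
 * the 8-byte empty container of a no-result query is treated as an error. */
static enum filemeta_size_class classify_old(size_t size)
{
	if (size < 16) {
		return FILEMETA_INVALID;
	}
	return FILEMETA_CONTENT;
}

/* The fixed check, plus an explicit multiple-of-8 test (an assumption added
 * in this example, not part of the patch) so that sizes 9..15 are not
 * silently accepted as "empty". */
static enum filemeta_size_class classify_fixed(size_t size)
{
	if (size < 8 || (size % 8) != 0) {
		return FILEMETA_INVALID;
	}
	if (size >= 16) {
		return FILEMETA_CONTENT;
	}
	return FILEMETA_EMPTY;
}

/* Simulated handling of the SQ_CPX_TYPE_FILEMETA case with the fixed check.
 * Returns -1 on an invalid size, 0 for an empty container (sl_unpack() is
 * skipped, the empty sl_filemeta_t is still added), 1 when sl_unpack() would
 * have been called on the content. */
static int unpack_filemeta(size_t tag_size)
{
	switch (classify_fixed(tag_size)) {
	case FILEMETA_INVALID:
		fprintf(stderr, "size too small or misaligned: %zu\n", tag_size);
		return -1;
	case FILEMETA_EMPTY:
		return 0;
	case FILEMETA_CONTENT:
		return 1;
	}
	return -1;
}

int main(void)
{
	size_t sizes[] = { 0, 8, 12, 16, 32 };
	size_t i;

	for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		printf("size %zu: old=%d fixed=%d unpack=%d\n",
		       sizes[i],
		       (int)classify_old(sizes[i]),
		       (int)classify_fixed(sizes[i]),
		       unpack_filemeta(sizes[i]));
	}
	return 0;
}
```

The interesting row is size 8: `classify_old` reports it invalid, which is exactly the failure the commit describes for an empty mdssvc response, while `classify_fixed` treats it as an empty container and skips the unpack step.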
if (offset == -1) {
return -1;
}
- if (tag.size < 16) {
+ if (tag.size < 8) {
DBG_WARNING("size too mall: %zu\n", tag.size);
return -1;
}
if (sl_fm == NULL) {
return -1;
}
- result = sl_unpack(sl_fm, buf + offset, bufsize - offset );
- if (result == -1) {
- return -1;
+
+ if (tag.size >= 16) {
+ result = sl_unpack(sl_fm,
+ buf + offset,
+ bufsize - offset );
+ if (result == -1) {
+ return -1;
+ }
}
result = dalloc_add(query, sl_fm, sl_filemeta_t);
if (result != 0) {
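Review bot: the relaxed guard `if (tag.size < 8)` still lets sizes 9 through 15 through, and the later `if (tag.size >= 16)` then silently treats them as an empty container instead of rejecting them; since the commit message states that size is always a multiple of 8, consider enforcing that, e.g. `if (tag.size < 8 || (tag.size % 8) != 0)`, or testing `tag.size != 8 && tag.size < 16` explicitly so only 8 counts as empty. While this line is being touched, the message in the following context line, `"size too mall: %zu\n"`, should read `size too small`.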