From a970d45d1774b5b55bea23488035ca44de0cb7f2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 12 Jul 2018 12:18:50 -0700 Subject: [PATCH] s3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file. We were always asking for SPLICE_BLOCK_SIZE even when the remaining bytes we wanted were smaller than that. This works when using cli_splice() on a complete file, as the cli_read() terminated the read at the right place. We always have the space to read SPLICE_BLOCK_SIZE bytes so this isn't an overflow. Found by Bailey Berro BUG: https://bugzilla.samba.org/show_bug.cgi?id=13527 Signed-off-by: Bailey Berro Reviewed-by: Jeremy Allison Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Fri Jul 13 14:57:14 CEST 2018 on sn-devel-144 (cherry picked from commit c9656fd2977557ab20ec4e3d87c385a9b2f1bf43)
---
 selftest/knownfail | 2 --
 source3/libsmb/clireadwrite.c | 4 +++-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/selftest/knownfail b/selftest/knownfail
index a3518b8b62b..ba16fd72290 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -16,8 +16,6 @@
 ^samba3.*rap.sam.*.useradd # Not provided by Samba 3
 ^samba3.*rap.sam.*.userdelete # Not provided by Samba 3
 ^samba3.libsmbclient.opendir # This requires a workgroup called 'WORKGROUP' and for netbios browse lists to have been registered
-^samba3.smbtorture_s3.plain\(fileserver\).CLI_SPLICE
-^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).CLI_SPLICE
 # see bug 8412
 ^samba3.smb2.rename.*.simple_nodelete
 ^samba3.smb2.rename.*.no_share_delete_no_delete_access
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index 00ee09ece89..67870d8c40b 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -1462,8 +1462,10 @@ static NTSTATUS cli_splice_fallback(TALLOC_CTX *frame,
 *written = 0;
 while (remaining) {
+ size_t to_read = MIN(remaining, SPLICE_BLOCK_SIZE);
+
 status = cli_read(srccli, src_fnum,
- (char *)buf, src_offset, SPLICE_BLOCK_SIZE,
+ (char *)buf, src_offset, to_read,
 &nread);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
--
2.47.2
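Review bot: The clamp `MIN(remaining, SPLICE_BLOCK_SIZE)` is now what keeps the length passed to `cli_read()` within `buf`, and it only holds while `remaining` is non-negative; the declaration of `remaining` is outside this hunk, so its type cannot be confirmed here. If it is a signed type such as `off_t`, a negative value would pass `while (remaining)`, survive `MIN` and convert to a very large `size_t`. Tightening the loop to `while (remaining > 0) {` and adding a comment such as `/* buf holds SPLICE_BLOCK_SIZE bytes; to_read must never exceed it */` above `to_read` would make the bound explicit. The function body starts and ends outside the hunk, so whether a zero-byte `nread` with `remaining` still non-zero lets the loop terminate also needs checking there.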