From: Volker Lendecke Date: Wed, 27 Apr 2016 10:15:37 +0000 (+0200) Subject: smbd: Avoid large reads beyond EOF X-Git-Tag: talloc-2.1.7~119 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=10b0a8baa25fab70df8e6c5f0048ce0963211517;p=thirdparty%2Fsamba.git smbd: Avoid large reads beyond EOF With unix extensions and oplocks=no mount.cifs from jessie reads beyond the file end forever, and we are happy to return zeros.... BUG: https://bugzilla.samba.org/show_bug.cgi?id=11878 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Apr 27 23:57:56 CEST 2016 on sn-devel-144 --- diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index cbe15a38c35..e0e55c62c2d 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4100,6 +4100,16 @@ normal_read: uint8_t headerbuf[smb_size + 2*12 + 1 /* padding byte */]; ssize_t ret; + if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) || + (startpos > fsp->fsp_name->st.st_ex_size) || + (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) { + /* + * We already know that we would do a short + * read, so don't try the sendfile() path. + */ + goto nosendfile_read; + } + construct_reply_common_req(req, (char *)headerbuf); setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
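Review bot: The new guard at the top of the normal_read block decides on fsp->fsp_name->st.st_ex_size, and nothing in the hunk shows that cached stat being refreshed before the comparison. If the size is stale, a file that has shrunk since the stat can still pass all three clauses and reach the sendfile() path with a short read. Either confirm that the stat is valid at this point or say in the comment that the size is a snapshot and the sendfile() path must still cope with a short read. Two smaller points on the same condition: the third clause, `smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos)`, is only safe because the second clause has already excluded startpos > st_ex_size, so the ordering deserves a word in the comment to keep a later reorder from producing a negative difference. The comment also explains only the short-read case, while the `!S_ISREG(...)` clause sends every non-regular file to nosendfile_read for a different reason that is left undocumented.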