From owner-freebsd-ports-bugs@freebsd.org Thu May 24 14:50:16 2018 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 76281EF3A7E for ; Thu, 24 May 2018 14:50:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 06E6F6FD27 for ; Thu, 24 May 2018 14:50:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id BB924EF3A7D; Thu, 24 May 2018 14:50:15 +0000 (UTC) Delivered-To: ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 98FABEF3A7C for ; Thu, 24 May 2018 14:50:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 31A796FD26 for ; Thu, 24 May 2018 14:50:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 56BFAAF24 for ; Thu, 24 May 2018 14:50:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w4OEoE56031410 for ; Thu, 24 May 2018 14:50:14 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w4OEoEXI031409 for ports-bugs@FreeBSD.org; Thu, 24 May 2018 14:50:14 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 228462] Samba's vfs_streams_xattr triggers corruption of first byte in AFP_AfpInfo stream/xattr Date: Thu, 24 May 2018 14:50:14 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: slow@samba.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2018 14:50:16 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D228462 Bug ID: 228462 Summary: Samba's vfs_streams_xattr triggers corruption of first byte in AFP_AfpInfo stream/xattr Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: slow@samba.org The Samba FreeBSD port patch https://svnweb.freebsd.org/ports/head/net/samba47/files/patch-source3__modu= les__vfs_streams_xattr.c?revision=3D464431&view=3Dmarkup changes vfs_streams_xattr to not read and write an additional trailing byte= (cf the comment lines containing "// ? -1" in the patch), but when creating a stream the trailing byte is still stored (cf streams_xattr_open() the code after the comment "Darn, xattrs need at least 1 byte"). Due to a vicious interaction with a bug that is present in the latest macOS 10.13.4 (not sure about earlier versions) what happens is this: - the client send a request to create a stream "file:AFP_AfpInfo" - the server creates the xattr for the stream and writes a 0 byte - the client sends a request to read 60 bytes at offset 0 from the stream - the server returns a one byte sized buffer containing a 0 instead of returning nread=3D0 and status=3DNT_STATUS_END_OF_FILE - the final nail in the coffin is that the client, when writing the AFP_Afp= Info blob whos first four byte start with a magic string "AFP" takes the 0 byte = the server returned and overwrites the first byte of the magic string The fix for this twofold: first, we must fix vfs_streams_xattr to not store= an initial zero byte when creating an xattr. Second, we must prepare vfs_fruit= to allow such broken AFP_AfpInfo blobs, otherwise users who adding vfs_fruit r= un into the issue that vfs_fruit has a builtin check for the magic string... Have patch, need bug number... Fwiw, this is a bug only present in the FreeBSD Samba port. --=20 You are receiving this mail because: You are the assignee for the bug.=