smbd: Avoid large reads beyond EOF
author Volker Lendecke <vl@samba.org>
Wed, 27 Apr 2016 10:15:37 +0000 (12:15 +0200)
committer Jeremy Allison <jra@samba.org>
Wed, 27 Apr 2016 21:57:56 +0000 (23:57 +0200)
With unix extensions and oplocks=no mount.cifs from jessie reads beyond the
file end forever, and we are happy to return zeros....

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11878

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 27 23:57:56 CEST 2016 on sn-devel-144

source3/smbd/reply.c

index cbe15a38c3524978abca5e406a459276a513e4e5..e0e55c62c2d5ef817522080030325f7af5c87d04 100644 (file)
@@ -4100,6 +4100,16 @@ normal_read:
                uint8_t headerbuf[smb_size + 2*12 + 1 /* padding byte */];
                ssize_t ret;
 
+               if (!S_ISREG(fsp->fsp_name->st.st_ex_mode) ||
+                   (startpos > fsp->fsp_name->st.st_ex_size) ||
+                   (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos))) {
+                       /*
+                        * We already know that we would do a short
+                        * read, so don't try the sendfile() path.
+                        */
+                       goto nosendfile_read;
+               }
+
                construct_reply_common_req(req, (char *)headerbuf);
                setup_readX_header(req, (char *)headerbuf, smb_maxcnt);
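
Review bot: The third condition, (smb_maxcnt > (fsp->fsp_name->st.st_ex_size - startpos)), is only safe because the second condition short-circuits first whenever startpos is past st_ex_size. If the order were ever changed, the subtraction could go negative and, if smb_maxcnt is an unsigned type, be compared as a huge value. The new comment should say that the ordering is deliberate, or the difference could be computed into a local after the startpos check. The comment also explains only the short-read case, while the !S_ISREG() test sends every non-regular file down nosendfile_read as well, which deserves a line of its own. Finally, the size comes from fsp->fsp_name->st and nothing in the visible lines refreshes it, so please confirm an fstat has run on this path before the check. A stale size would make the decision on outdated data, and a file truncated after the check can still produce a short sendfile() read.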