| From efbf02111aa66bda9288506b7d5cc0226bf5453e Mon Sep 17 00:00:00 2001 |
| From: Daniel Stenberg <daniel@haxx.se> |
| Date: Sun, 12 Feb 2023 13:24:08 +0100 |
| Subject: [PATCH] smb: return error on upload without size |
| |
| The protocol needs to know the size ahead of time, this is now a known |
| restriction and not a bug. |
| |
| Also output a clearer error if the URL path does not contain proper |
| share. |
| |
| Ref: #7896 |
| Closes #10484 |
| |
| CVE: CVE-2023-28322 |
| Upstream-Status: Backport [https://github.com/curl/curl/commit/efbf02111aa66bda9288506b7d5cc0226bf5453e] |
| Comments: Hunks refreshed |
| Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> |
| --- |
| docs/KNOWN_BUGS | 5 ----- |
| docs/URL-SYNTAX.md | 3 +++ |
| lib/smb.c | 6 ++++++ |
| 3 files changed, 9 insertions(+), 5 deletions(-) |
| |
| diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS |
| index cbf5be352a279..a515e7a59bdfd 100644 |
| --- a/docs/KNOWN_BUGS |
| +++ b/docs/KNOWN_BUGS |
| @@ -58,7 +58,6 @@ |
| 5.7 Visual Studio project gaps |
| 5.8 configure finding libs in wrong directory |
| 5.9 Utilize Requires.private directives in libcurl.pc |
| - 5.10 curl hangs on SMB upload over stdin |
| 5.11 configure --with-gssapi with Heimdal is ignored on macOS |
| 5.12 flaky Windows CI builds |
| |
| @@ -332,10 +331,6 @@ problems may have been fixed or changed somewhat since this was written. |
| |
| https://github.com/curl/curl/issues/864 |
| |
| -5.10 curl hangs on SMB upload over stdin |
| - |
| - See https://github.com/curl/curl/issues/7896 |
| - |
| 5.11 configure --with-gssapi with Heimdal is ignored on macOS |
| |
| ... unless you also pass --with-gssapi-libs |
| diff --git a/docs/URL-SYNTAX.md b/docs/URL-SYNTAX.md |
| index 691fcceacd66c..802bbdef96979 100644 |
| --- a/docs/URL-SYNTAX.md |
| +++ b/docs/URL-SYNTAX.md |
| @@ -360,6 +360,9 @@ share and directory or the share to upload to and as such, may not be omitted. |
| If the user name is embedded in the URL then it must contain the domain name |
| and as such, the backslash must be URL encoded as %2f. |
| |
| +When uploading to SMB, the size of the file needs to be known ahead of time, |
| +meaning that you can upload a file passed to curl over a pipe like stdin. |
| + |
| curl supports SMB version 1 (only) |
| |
| ## SMTP |
| diff --git a/lib/smb.c b/lib/smb.c |
| index 8a76763c157ce..dc0abe784bcee 100644 |
| --- a/lib/smb.c |
| +++ b/lib/smb.c |
| @@ -763,6 +763,11 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) |
| void *msg = NULL; |
| const struct smb_nt_create_response *smb_m; |
| |
| + if(data->set.upload && (data->state.infilesize < 0)) { |
| + failf(data, "SMB upload needs to know the size up front"); |
| + return CURLE_SEND_ERROR; |
| + } |
| + |
| /* Start the request */ |
| if(req->state == SMB_REQUESTING) { |
| result = smb_send_tree_connect(data); |
| @@ -993,6 +998,7 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data, |
| /* The share must be present */ |
| if(!slash) { |
| Curl_safefree(smbc->share); |
| + failf(data, "missing share in URL path for SMB"); |
| return CURLE_URL_MALFORMAT; |
| } |