From 8c20cd8b4bd9f3f0a28c42686ff791ee88e78d31 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Wed, 11 Sep 2013 11:38:11 +0200 Subject: [PATCH] Fix handling of large number of volumes o ensure only a maximum of 255 volumes is returned o ensure the reply with the volume list fits in a certain buffer size, testing with 10.8.4 saw the maximum size the client would accept to be ~4600 bytes Fixes bug #527 --- NEWS | 1 + etc/afpd/volume.c | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index cbf24f7f..4760eda2 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,7 @@ Changes in 3.0.6 "follow symlinks" is enabled. Bug #532. * FIX: Disable Kerberos UAM if AFP service principal name can't be evaluated. Fixes bug #531. +* FIX: Fix handling of large number of volumes. Bug #527. Changes in 3.0.5 ================ diff --git a/etc/afpd/volume.c b/etc/afpd/volume.c index 5f0d8a37..4efa659f 100644 --- a/etc/afpd/volume.c +++ b/etc/afpd/volume.c @@ -535,7 +535,7 @@ int afp_getsrvrparms(AFPObj *obj, char *ibuf _U_, size_t ibuflen _U_, char *rbuf load_volumes(obj); data = rbuf + 5; - for ( vcnt = 0, volume = getvolumes(); volume; volume = volume->v_next ) { + for ( vcnt = 0, volume = getvolumes(); volume && vcnt < 255; volume = volume->v_next ) { if (!(volume->v_flags & AFPVOL_NOSTAT)) { struct maccess ma; @@ -562,6 +562,14 @@ int afp_getsrvrparms(AFPObj *obj, char *ibuf _U_, size_t ibuflen _U_, char *rbuf if (len == (size_t)-1) continue; + /* + * There seems to be an undocumented limit on how big our reply can get + * before the client chokes and closes the connection. + * Testing with 10.8.4 found the limit at ~4600 bytes. Go figure. + */ + if (((data + len + 3) - rbuf) > 4600) + break; + /* set password bit if there's a volume password */ *data = (volume->v_password) ? AFPSRVR_PASSWD : 0; -- 2.39.2