I've got report that there is a regression introduced by 2.3.0+dfsg1-2+deb11u2. The issue is related to drive sharing and is reported to not working anymore. The reporter analysed the issue as: > Drive sharing does not work for us any longer using version 2.3.0+dfsg1-2+deb11u2, but it works using 2.3.0+dfsg1-2+deb11u1 or 2.10.0+dfsg1-1~bpo11+1 > > In debian/patches/0057-CVE-2022-41877.patch the following define is included, which is not found in upstream (as in newer versions a real function is defined). > +#define Stream_CheckAndLogRequiredLength(tag, s, len) \ > + Stream_CheckAndLogRequiredLengthWLogEx(WLog_Get(tag), WLOG_WARN, s, len, "%s(%s:%" PRIuz ")", __FUNCTION__, \ > + __FILE__, __LINE__) > > The function Stream_CheckAndLogRequiredLengthWLogEx is defined in winpr/libwinpr/utils/stream.c: > BOOL Stream_CheckAndLogRequiredLengthWLogEx(wLog* log, DWORD level, wStream* s, size_t nmemb, > size_t size, const char* fmt, ...) > > I think the define missed passing on the parameter for 'size', which I guess should be 1, from reading upstream sources. > This leads to error messages like > [drive_process_irp_query_directory] invalid length, got 0, require at least 6 [element size=140103248640086] I will look into the issue ASAP. -- tobi
Attachment:
signature.asc
Description: PGP signature