kern/90815: SMBFS with character conversions sometimes hangs

[Rudolf Cejka]

>Number:         90815
>Category:       kern
>Synopsis:       SMBFS with character conversions sometimes hangs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 22 17:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Rudolf Cejka
>Release:        6.0-STABLE #11: Thu Dec 22 17:12:43 CET 2005
>Organization:
FIT, Brno University of Technology, Czech Republic
>Environment:

>Description:

If I mount smb fs with mount_smbfs -Eiso8859-2:cp852 -Lcs_CZ.ISO8859-2 ...
and there are some file/directory names, where some characters could not
be converted, directory tree traversion hangs. It is because iconv_xxx()
function returns -1, which is forwarded to the upper layer, where -1
is incorrectly taken as ERESTART and path conversion is restarted from
the beginning, which results in infinite loop.

>How-To-Repeat:

Try to mount some smb fs with character conversions (for example, I do
use -Eiso8859-2:cp852,-Lcs_CZ.ISO8859-2), where iconv could not convert
all characters in file/directory names and try to run find . on mounted
directory - it should hang when it finds nonconvertible file/directory
name (maybe it "works" just for directory names, which is the case
where I tried to find the problem).

>Fix:

I'm currently trying the following patch, which fixes the hang problem,
however I'm not sure, how much is it really correct.

--- sys/netsmb/smb_subr.c.orig	Thu Dec 22 16:52:55 2005
+++ sys/netsmb/smb_subr.c	Thu Dec 22 17:11:19 2005
@@ -323,7 +323,10 @@
 {
 	size_t outlen = len;
 
-	return iconv_conv((struct iconv_drv*)mbp->mb_udata, &src, &len, &dst, &outlen);
+	if (iconv_conv((struct iconv_drv*)mbp->mb_udata,
+	    &src, &len, &dst, &outlen) == -1)
+		bcopy(src, dst, len);
+	return 0;
 }
 
 int
>Release-Note:
>Audit-Trail:
>Unformatted: