1 diff -ur samba-2.0.10/source/include/smb.h samba-2.0.10-security/source/include/smb.h
2 --- samba-2.0.10/source/include/smb.h 2001-06-23 12:52:20.000000000 +0400
3 +++ samba-2.0.10-security/source/include/smb.h 2005-05-21 21:51:17.206995728 +0400
5 #define ERRlock 33 /* Lock request conflicts with existing lock */
6 #define ERRunsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */
7 #define ERRfilexists 80 /* File in operation already exists */
8 +#define ERRinvalidparam 87
9 #define ERRcannotopen 110 /* Cannot open the file specified */
10 #define ERRunknownlevel 124
14 #define SAFE_NETBIOS_CHARS ". -_"
17 +#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0)
20 diff -ur samba-2.0.10/source/include/version.h samba-2.0.10-security/source/include/version.h
21 --- samba-2.0.10/source/include/version.h 2001-06-23 17:23:59.000000000 +0400
22 +++ samba-2.0.10-security/source/include/version.h 2005-05-21 21:51:17.227992536 +0400
24 -#define VERSION "2.0.10"
25 +#define VERSION "2.0.10-security-rollup"
26 diff -ur samba-2.0.10/source/smbd/filename.c samba-2.0.10-security/source/smbd/filename.c
27 --- samba-2.0.10/source/smbd/filename.c 2000-03-17 01:59:44.000000000 +0300
28 +++ samba-2.0.10-security/source/smbd/filename.c 2005-05-21 21:51:17.403965784 +0400
30 * StrnCpy always null terminates.
33 - StrnCpy(orig_name, full_orig_name, namelen);
34 + StrnCpy(orig_name, full_orig_name, MIN(namelen, sizeof(orig_name)-1));
36 strupper( orig_name );
38 diff -ur samba-2.0.10/source/smbd/ipc.c samba-2.0.10-security/source/smbd/ipc.c
39 --- samba-2.0.10/source/smbd/ipc.c 2000-03-30 02:20:06.000000000 +0400
40 +++ samba-2.0.10-security/source/smbd/ipc.c 2005-05-21 21:51:17.269986152 +0400
41 @@ -3550,18 +3550,18 @@
44 uint16 vuid = SVAL(inbuf,smb_uid);
45 - int tpscnt = SVAL(inbuf,smb_vwv0);
46 - int tdscnt = SVAL(inbuf,smb_vwv1);
47 - int mprcnt = SVAL(inbuf,smb_vwv2);
48 - int mdrcnt = SVAL(inbuf,smb_vwv3);
49 - int msrcnt = CVAL(inbuf,smb_vwv4);
50 + unsigned int tpscnt = SVAL(inbuf,smb_vwv0);
51 + unsigned int tdscnt = SVAL(inbuf,smb_vwv1);
52 + unsigned int mprcnt = SVAL(inbuf,smb_vwv2);
53 + unsigned int mdrcnt = SVAL(inbuf,smb_vwv3);
54 + unsigned int msrcnt = CVAL(inbuf,smb_vwv4);
55 BOOL close_on_completion = BITSETW(inbuf+smb_vwv5,0);
56 BOOL one_way = BITSETW(inbuf+smb_vwv5,1);
57 - int pscnt = SVAL(inbuf,smb_vwv9);
58 - int psoff = SVAL(inbuf,smb_vwv10);
59 - int dscnt = SVAL(inbuf,smb_vwv11);
60 - int dsoff = SVAL(inbuf,smb_vwv12);
61 - int suwcnt = CVAL(inbuf,smb_vwv13);
62 + unsigned int pscnt = SVAL(inbuf,smb_vwv9);
63 + unsigned int psoff = SVAL(inbuf,smb_vwv10);
64 + unsigned int dscnt = SVAL(inbuf,smb_vwv11);
65 + unsigned int dsoff = SVAL(inbuf,smb_vwv12);
66 + unsigned int suwcnt = CVAL(inbuf,smb_vwv13);
68 memset(name, '\0',sizeof(name));
69 fstrcpy(name,smb_buf(inbuf));
70 @@ -3572,31 +3572,48 @@
73 if((data = (char *)malloc(tdscnt)) == NULL) {
74 - DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
75 + DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
76 return(ERROR(ERRDOS,ERRnomem));
78 + if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
80 + if (smb_base(inbuf)+dsoff+dscnt > inbuf + size)
83 memcpy(data,smb_base(inbuf)+dsoff,dscnt);
87 if((params = (char *)malloc(tpscnt)) == NULL) {
88 - DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
89 + DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
91 return(ERROR(ERRDOS,ERRnomem));
93 + if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
95 + if (smb_base(inbuf)+psoff+pscnt > inbuf + size)
98 memcpy(params,smb_base(inbuf)+psoff,pscnt);
103 if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
104 - DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", (int)(suwcnt * sizeof(uint16))));
105 - return(ERROR(ERRDOS,ERRnomem));
107 + DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
110 + return(ERROR(ERRDOS,ERRnomem));
112 + if (inbuf+smb_vwv14+(suwcnt*SIZEOFWORD) > inbuf + size)
114 + if ((smb_vwv14+(suwcnt*SIZEOFWORD) < smb_vwv14) || (smb_vwv14+(suwcnt*SIZEOFWORD) < (suwcnt*SIZEOFWORD)))
117 for (i=0;i<suwcnt;i++)
118 setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
122 if (pscnt < tpscnt || dscnt < tdscnt) {
123 /* We need to send an interim response then receive the rest
124 of the parameter/data bytes */
125 @@ -3608,7 +3625,7 @@
126 /* receive the rest of the trans packet */
127 while (pscnt < tpscnt || dscnt < tdscnt) {
129 - int pcnt,poff,dcnt,doff,pdisp,ddisp;
130 + unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp;
132 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
134 @@ -3619,19 +3636,19 @@
135 DEBUG(0,("reply_trans: %s in getting secondary trans response.\n",
136 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
147 return(ERROR(ERRSRV,ERRerror));
152 - tpscnt = SVAL(inbuf,smb_vwv0);
153 - tdscnt = SVAL(inbuf,smb_vwv1);
154 + /* Revise total_params and total_data in case they have changed downwards */
155 + if (SVAL(inbuf,smb_vwv0) < tpscnt)
156 + tpscnt = SVAL(inbuf,smb_vwv0);
157 + if (SVAL(inbuf,smb_vwv1) < tdscnt)
158 + tdscnt = SVAL(inbuf,smb_vwv1);
160 pcnt = SVAL(inbuf,smb_vwv2);
161 poff = SVAL(inbuf,smb_vwv3);
162 @@ -3644,17 +3661,36 @@
166 - if (dscnt > tdscnt || pscnt > tpscnt) {
167 - exit_server("invalid trans parameters\n");
169 + if (dscnt > tdscnt || pscnt > tpscnt)
174 + if (pdisp+pcnt >= tpscnt)
176 + if ((pdisp+pcnt < pdisp) || (pdisp+pcnt < pcnt))
178 + if (smb_base(inbuf) + poff + pcnt >= inbuf + bufsize)
180 + if (params + pdisp < params)
183 memcpy(params+pdisp,smb_base(inbuf)+poff,pcnt);
188 + if (ddisp+dcnt >= tdscnt)
190 + if ((ddisp+dcnt < ddisp) || (ddisp+dcnt < dcnt))
192 + if (smb_base(inbuf) + doff + dcnt >= inbuf + bufsize)
194 + if (data + ddisp < data)
197 memcpy(data+ddisp,smb_base(inbuf)+doff,dcnt);
203 DEBUG(3,("trans <%s> data=%d params=%d setup=%d\n",
204 name,tdscnt,tpscnt,suwcnt));
206 @@ -3694,4 +3730,12 @@
207 return(ERROR(ERRSRV,ERRnosupport));
213 + DEBUG(0,("reply_trans: invalid trans parameters\n"));
217 + return(ERROR(ERRSRV,ERRerror));
219 diff -ur samba-2.0.10/source/smbd/nttrans.c samba-2.0.10-security/source/smbd/nttrans.c
220 --- samba-2.0.10/source/smbd/nttrans.c 2000-04-24 21:27:30.000000000 +0400
221 +++ samba-2.0.10-security/source/smbd/nttrans.c 2005-05-21 21:51:17.314979312 +0400
222 @@ -2575,11 +2575,14 @@
223 params = (char *)malloc(total_parameter_count);
224 if (total_data_count > 0)
225 data = (char *)malloc(total_data_count);
228 if ((total_parameter_count && !params) || (total_data_count && !data) ||
229 (setup_count && !setup)) {
233 DEBUG(0,("reply_nttrans : Out of memory\n"));
234 - return(ERROR(ERRDOS,ERRnomem));
235 + return ERROR(ERRDOS,ERRnomem);
238 /* Copy the param and data bytes sent with this request into
239 @@ -2588,64 +2591,112 @@
240 num_data_sofar = data_count;
242 if (parameter_count > total_parameter_count || data_count > total_data_count)
243 - exit_server("reply_nttrans: invalid sizes in packet.\n");
247 - memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
248 DEBUG(10,("reply_nttrans: setup_count = %d\n", setup_count));
249 - dump_data(10, setup, setup_count);
250 + if ((smb_nt_SetupStart + setup_count < smb_nt_SetupStart) ||
251 + (smb_nt_SetupStart + setup_count < setup_count))
253 + if (smb_nt_SetupStart + setup_count > length)
256 + memcpy( setup, &inbuf[smb_nt_SetupStart], setup_count);
259 - memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
260 DEBUG(10,("reply_nttrans: parameter_count = %d\n", parameter_count));
261 - dump_data(10, params, parameter_count);
262 + if ((parameter_offset + parameter_count < parameter_offset) ||
263 + (parameter_offset + parameter_count < parameter_count))
265 + if (smb_base(inbuf) + parameter_offset + parameter_count > inbuf + length)
268 + memcpy( params, smb_base(inbuf) + parameter_offset, parameter_count);
271 - memcpy( data, smb_base(inbuf) + data_offset, data_count);
272 DEBUG(10,("reply_nttrans: data_count = %d\n",data_count));
273 - dump_data(10, data, data_count);
274 + if ((data_offset + data_count < data_offset) || (data_offset + data_count < data_count))
276 + if (smb_base(inbuf) + data_offset + data_count > inbuf + length)
279 + memcpy( data, smb_base(inbuf) + data_offset, data_count);
283 if(num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
284 /* We need to send an interim response then receive the rest
285 of the parameter/data bytes */
286 outsize = set_message(outbuf,0,0,True);
287 - send_smb(Client,outbuf);
288 + if (!send_smb(Client,outbuf))
289 + exit_server("reply_nttrans: send_smb failed.");
291 while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
294 + uint32 parameter_displacement;
295 + uint32 data_displacement;
297 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
300 if((ret && (CVAL(inbuf, smb_com) != SMBnttranss)) || !ret) {
301 - outsize = set_message(outbuf,0,0,True);
303 - DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
305 - DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
306 - (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
307 + outsize = set_message(outbuf,0,0,True);
309 + DEBUG(0,("reply_nttrans: Invalid secondary nttrans packet\n"));
311 + DEBUG(0,("reply_nttrans: %s in getting secondary nttrans response.\n",
312 + (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
320 - return(ERROR(ERRSRV,ERRerror));
324 /* Revise total_params and total_data in case they have changed downwards */
325 - total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
326 - total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
327 - num_params_sofar += (parameter_count = IVAL(inbuf,smb_nts_ParameterCount));
328 - num_data_sofar += ( data_count = IVAL(inbuf, smb_nts_DataCount));
329 - if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count)
330 - exit_server("reply_nttrans2: data overflow in secondary nttrans packet\n");
332 - memcpy( ¶ms[ IVAL(inbuf, smb_nts_ParameterDisplacement)],
333 - smb_base(inbuf) + IVAL(inbuf, smb_nts_ParameterOffset), parameter_count);
334 - memcpy( &data[IVAL(inbuf, smb_nts_DataDisplacement)],
335 - smb_base(inbuf)+ IVAL(inbuf, smb_nts_DataOffset), data_count);
336 + if (IVAL(inbuf, smb_nts_TotalParameterCount) < total_parameter_count)
337 + total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
338 + if (IVAL(inbuf, smb_nts_TotalDataCount) < total_data_count)
339 + total_data_count = IVAL(inbuf, smb_nts_TotalDataCount);
341 + parameter_count = IVAL(inbuf,smb_nts_ParameterCount);
342 + parameter_offset = IVAL(inbuf, smb_nts_ParameterOffset);
343 + parameter_displacement = IVAL(inbuf, smb_nts_ParameterDisplacement);
344 + num_params_sofar += parameter_count;
346 + data_count = IVAL(inbuf, smb_nts_DataCount);
347 + data_displacement = IVAL(inbuf, smb_nts_DataDisplacement);
348 + data_offset = IVAL(inbuf, smb_nts_DataOffset);
349 + num_data_sofar += data_count;
351 + if (num_params_sofar > total_parameter_count || num_data_sofar > total_data_count) {
352 + DEBUG(0,("reply_nttrans2: data overflow in secondary nttrans packet"));
356 + if (parameter_count) {
357 + if (parameter_displacement + parameter_count >= total_parameter_count)
359 + if ((parameter_displacement + parameter_count < parameter_displacement) ||
360 + (parameter_displacement + parameter_count < parameter_count))
362 + if (smb_base(inbuf) + parameter_offset + parameter_count >= inbuf + bufsize)
364 + if (params + parameter_displacement < params)
367 + memcpy( ¶ms[parameter_displacement], smb_base(inbuf) + parameter_offset, parameter_count);
371 + if (data_displacement + data_count >= total_data_count)
373 + if ((data_displacement + data_count < data_displacement) ||
374 + (data_displacement + data_count < data_count))
376 + if (smb_base(inbuf) + data_offset + data_count >= inbuf + bufsize)
378 + if (data + data_displacement < data)
381 + memcpy( &data[data_displacement], smb_base(inbuf)+ data_offset, data_count);
386 @@ -2714,4 +2765,10 @@
387 return outsize; /* If a correct response was needed the call_nt_transact_xxxx
388 calls have already sent it. If outsize != -1 then it is
389 returning an error packet. */
395 + return ERROR(ERRDOS,ERRinvalidparam);
397 diff -ur samba-2.0.10/source/smbd/password.c samba-2.0.10-security/source/smbd/password.c
398 --- samba-2.0.10/source/smbd/password.c 2000-03-17 01:59:48.000000000 +0300
399 +++ samba-2.0.10-security/source/smbd/password.c 2005-05-21 21:51:17.336975968 +0400
401 if (!ok && lp_username(snum)) {
404 - StrnCpy(user_list,lp_username(snum),sizeof(pstring));
405 + StrnCpy(user_list,lp_username(snum),sizeof(pstring)-1);
407 pstring_sub(user_list,"%S",lp_servicename(snum));
409 diff -ur samba-2.0.10/source/smbd/reply.c samba-2.0.10-security/source/smbd/reply.c
410 --- samba-2.0.10/source/smbd/reply.c 2001-06-23 12:51:24.000000000 +0400
411 +++ samba-2.0.10-security/source/smbd/reply.c 2005-05-21 21:51:17.378969584 +0400
412 @@ -1413,6 +1413,9 @@
414 for (i=numentries;(i<maxentries) && !finished;i++)
416 + /* check to make sure we have room in the buffer */
417 + if ( ((PTR_DIFF(p, outbuf))+DIR_STRUCT_SIZE) > BUFFER_SIZE )
420 !get_dir_entry(conn,mask,dirtype,fname,&size,&mode,&date,check_descend);
422 @@ -3122,6 +3125,9 @@
425 for (i=first;i<first+num_to_get;i++) {
426 + /* check to make sure we have room in the buffer */
427 + if ( (PTR_DIFF(p, outbuf)+28) > BUFFER_SIZE )
429 put_dos_date2(p,0,queue[i].time);
430 CVAL(p,4) = (queue[i].status==LPQ_PRINTING?2:3);
431 SSVAL(p,5,printjob_encode(SNUM(conn),
432 diff -ur samba-2.0.10/source/smbd/trans2.c samba-2.0.10-security/source/smbd/trans2.c
433 --- samba-2.0.10/source/smbd/trans2.c 2000-04-24 21:27:31.000000000 +0400
434 +++ samba-2.0.10-security/source/smbd/trans2.c 2005-05-21 21:51:17.402965936 +0400
436 int16 open_ofun = SVAL(params,12);
437 int32 open_size = IVAL(params,14);
438 char *pname = ¶ms[28];
439 - int16 namelen = strlen(pname)+1;
444 BOOL bad_path = False;
447 - StrnCpy(fname,pname,namelen);
448 + pstrcpy(fname,pname);
450 DEBUG(3,("trans2open %s mode=%d attr=%d ofun=%d size=%d\n",
451 fname,open_mode, open_attr, open_ofun, open_size));
452 @@ -2185,7 +2184,7 @@
453 unsigned int suwcnt = SVAL(inbuf, smb_suwcnt);
454 unsigned int tran_call = SVAL(inbuf, smb_setup0);
455 char *params = NULL, *data = NULL;
456 - int num_params, num_params_sofar, num_data, num_data_sofar;
457 + unsigned int num_params, num_params_sofar, num_data, num_data_sofar;
459 if(global_oplock_break && (tran_call == TRANSACT2_OPEN)) {
460 /* Queue this open message as we are the process of an
461 @@ -2203,8 +2202,9 @@
462 /* All trans2 messages we handle have smb_sucnt == 1 - ensure this
463 is so as a sanity check */
465 - DEBUG(2,("Invalid smb_sucnt in trans2 call\n"));
466 - return(ERROR(ERRSRV,ERRerror));
467 + DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",suwcnt));
468 + DEBUG(2,("Transaction is %d\n",tran_call));
469 + ERROR(ERRDOS,ERRinvalidparam);
472 /* Allocate the space for the maximum needed parameters and data */
473 @@ -2215,11 +2215,9 @@
475 if ((total_params && !params) || (total_data && !data)) {
476 DEBUG(2,("Out of memory in reply_trans2\n"));
481 - return(ERROR(ERRDOS,ERRnomem));
484 + return ERROR(ERRDOS,ERRnomem);
487 /* Copy the param and data bytes sent with this request into
488 @@ -2230,20 +2228,37 @@
489 if (num_params > total_params || num_data > total_data)
490 exit_server("invalid params in reply_trans2");
493 - memcpy( params, smb_base(inbuf) + SVAL(inbuf, smb_psoff), num_params);
495 - memcpy( data, smb_base(inbuf) + SVAL(inbuf, smb_dsoff), num_data);
497 + unsigned int psoff = SVAL(inbuf, smb_psoff);
498 + if ((psoff + num_params < psoff) || (psoff + num_params < num_params))
500 + if (smb_base(inbuf) + psoff + num_params > inbuf + length)
502 + memcpy( params, smb_base(inbuf) + psoff, num_params);
505 + unsigned int dsoff = SVAL(inbuf, smb_dsoff);
506 + if ((dsoff + num_data < dsoff) || (dsoff + num_data < num_data))
508 + if (smb_base(inbuf) + dsoff + num_data > inbuf + length)
510 + memcpy( data, smb_base(inbuf) + dsoff, num_data);
513 if(num_data_sofar < total_data || num_params_sofar < total_params) {
514 /* We need to send an interim response then receive the rest
515 of the parameter/data bytes */
516 outsize = set_message(outbuf,0,0,True);
517 - send_smb(Client,outbuf);
518 + if (!send_smb(Client,outbuf))
519 + exit_server("reply_trans2: send_smb failed.");
521 while (num_data_sofar < total_data ||
522 num_params_sofar < total_params) {
524 + unsigned int param_disp;
525 + unsigned int param_off;
526 + unsigned int data_disp;
527 + unsigned int data_off;
529 ret = receive_next_smb(inbuf,bufsize,SMB_SECONDARY_WAIT);
531 @@ -2255,26 +2270,55 @@
533 DEBUG(0,("reply_trans2: %s in getting secondary trans2 response.\n",
534 (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
539 - return(ERROR(ERRSRV,ERRerror));
543 /* Revise total_params and total_data in case
544 they have changed downwards */
545 - total_params = SVAL(inbuf, smb_tpscnt);
546 - total_data = SVAL(inbuf, smb_tdscnt);
547 - num_params_sofar += (num_params = SVAL(inbuf,smb_spscnt));
548 - num_data_sofar += ( num_data = SVAL(inbuf, smb_sdscnt));
549 + if (SVAL(inbuf, smb_tpscnt) < total_params)
550 + total_params = SVAL(inbuf, smb_tpscnt);
551 + if (SVAL(inbuf, smb_tdscnt) < total_data)
552 + total_data = SVAL(inbuf, smb_tdscnt);
554 + num_params = SVAL(inbuf,smb_spscnt);
555 + param_off = SVAL(inbuf, smb_spsoff);
556 + param_disp = SVAL(inbuf, smb_spsdisp);
557 + num_params_sofar += num_params;
559 + num_data = SVAL(inbuf, smb_sdscnt);
560 + data_off = SVAL(inbuf, smb_sdsoff);
561 + data_disp = SVAL(inbuf, smb_sdsdisp);
562 + num_data_sofar += num_data;
564 if (num_params_sofar > total_params || num_data_sofar > total_data)
565 - exit_server("data overflow in trans2");
568 - memcpy( ¶ms[ SVAL(inbuf, smb_spsdisp)],
569 - smb_base(inbuf) + SVAL(inbuf, smb_spsoff), num_params);
570 - memcpy( &data[SVAL(inbuf, smb_sdsdisp)],
571 - smb_base(inbuf)+ SVAL(inbuf, smb_sdsoff), num_data);
573 + if (param_disp + num_params >= total_params)
575 + if ((param_disp + num_params < param_disp) ||
576 + (param_disp + num_params < num_params))
578 + if (smb_base(inbuf) + param_off + num_params >= inbuf + bufsize)
580 + if (params + param_disp < params)
583 + memcpy( ¶ms[param_disp], smb_base(inbuf) + param_off, num_params);
586 + if (data_disp + num_data >= total_data)
588 + if ((data_disp + num_data < data_disp) ||
589 + (data_disp + num_data < num_data))
591 + if (smb_base(inbuf) + data_off + num_data >= inbuf + bufsize)
593 + if (data + data_disp < data)
596 + memcpy( &data[data_disp], smb_base(inbuf) + data_off, num_data);
601 @@ -2367,4 +2411,10 @@
602 return outsize; /* If a correct response was needed the
603 call_trans2xxx calls have already sent
604 it. If outsize != -1 then it is returning */
610 + return (ERROR(ERRDOS,ERRinvalidparam));
projects / openwrt.git / blob