From 8463ab8a2efd0df218d137ca96f9b7bd2d701e31 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 23 Nov 2015 14:00:56 -0800 Subject: [PATCH] s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle. There are three issues: 1). The memcmp checking that the open file path has the open directory path as its parent compares using the wrong length (it uses the full open file path which will never compare as the same). 2). The files_below_forall() function doesn't fill in the callback function or callback data when calling share_mode_forall(), leading to a crash (which we never saw, as the previous issue (1) meant the callback function would never be invoked). 3). When invoking the callback function from files_below_forall_fn() we were passing in the wrong private_data pointer (needs to be the one from the state, not the private_data passed into files_below_forall_fn()). Found when running the torture test smb2.rename.rename_dir_openfile when fixing bug #11065. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11615 Signed-off-by: Jeremy Allison --- source3/smbd/dir.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 3f99f88..cfc1635 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1912,14 +1912,14 @@ static int files_below_forall_fn(struct file_id fid, return 0; } - if (memcmp(state->dirpath, fullpath, len) != 0) { + if (memcmp(state->dirpath, fullpath, state->dirpath_len) != 0) { /* * Not a parent */ return 0; } - return state->fn(fid, data, private_data); + return state->fn(fid, data, state->private_data); } static int files_below_forall(connection_struct *conn, @@ -1942,6 +1942,8 @@ static int files_below_forall(connection_struct *conn, return -1; } + state.fn = fn; + state.private_data = private_data; ret = share_mode_forall(files_below_forall_fn, &state); TALLOC_FREE(to_free); -- 2.6.0.rc2.230.g3dd15c0
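Review bot: In the first hunk (files_below_forall_fn), the memcmp over state->dirpath_len bytes is only a byte-prefix test, so its correctness rests on two guarantees that the visible lines do not show: that fullpath is at least state->dirpath_len bytes long, and that the byte following the prefix is a path separator. Without the second, an open directory such as /a/dir would also be treated as the parent of an open file under /a/dir2. If the check ending in the `return 0;` just above the memcmp does not already cover both, add a test along the lines of `fullpath[state->dirpath_len] != '/'` before the comparison, and spell the rule out in the "Not a parent" comment.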
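Review bot: In the second hunk (files_below_forall), state.fn and state.private_data are assigned on their own just before share_mode_forall(), after the early `return -1`, so the callback's required fields are still filled in piecemeal. Setting them where state is declared, for example with a designated initializer, would keep every field that files_below_forall_fn dereferences populated in one place. Because the first hunk calls state->fn unconditionally, a short comment on the state struct saying fn must be non-NULL would document the contract. The commit message says the crash was masked until the memcmp was fixed and names smb2.rename.rename_dir_openfile as the test that exposed it; please state whether that test now covers this path as a regression test.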