From b2e2b33865acb3eac2973dea5097bd31151f4b02 Mon Sep 17 00:00:00 2001
From: Justin Maggard
Date: Wed, 30 Aug 2017 17:36:43 -0700
Subject: [PATCH] s3: vfs: Pass a valid fsp to SMB_VFS_GET_COMPRESSION

We need to pass a valid fsp to SMB_VFS_GET_COMPRESSION(), or we will crash. If we combine vfs_btrfs with (at least) vfs_catia or vfs_streams_xattr, we hit a NULL pointer in vfs_memctx_fsp_extension(). This appears to be because vfs_btrfs enables compression support, and when MacOS connects it calls dos_mode_check_compressed() which calls SMB_VFS_GET_COMPRESSION with a NULL files_struct pointer. This gets passed around until it finally gets dereferenced in vfs_memctx_fsp_extension().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
Signed-off-by: Justin Maggard
Reviewed-by: Jeremy Allison
---
 source3/smbd/dosmode.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 3181f2e78a9..6e0ab1bbda1 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -579,14 +579,27 @@ static NTSTATUS dos_mode_check_compressed(connection_struct *conn,
 {
 NTSTATUS status;
 uint16_t compression_fmt;
+ bool need_close = false;
+ files_struct *fsp = NULL;
 TALLOC_CTX *tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
 status = NT_STATUS_NO_MEMORY;
 goto err_out;
 }
- status = SMB_VFS_GET_COMPRESSION(conn, tmp_ctx, NULL, smb_fname,
+ status = get_file_handle_for_metadata(conn,
+ smb_fname,
+ &fsp,
+ &need_close);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_ctx_free;
+ }
+
+ status = SMB_VFS_GET_COMPRESSION(conn, tmp_ctx, fsp, smb_fname,
 &compression_fmt);
+ if (need_close) {
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ }
 if (!NT_STATUS_IS_OK(status)) {
 goto err_ctx_free;
 }
--
2.14.1.581.gf28d330327-goog
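Review bot: The added `get_file_handle_for_metadata()` call makes failure to obtain a handle fatal for this read-only query (the new `goto err_ctx_free`), where the old path-only call could still answer for a file that cannot be opened. The callers are outside the hunk, so confirm they treat that status as "attribute unknown" rather than failing the client's request. The change also guards only this call site: per the commit message the NULL is dereferenced in `vfs_memctx_fsp_extension()` inside the stacked modules, so any other caller that passes a NULL fsp to `SMB_VFS_GET_COMPRESSION` would presumably still take smbd down on a client-reachable path. A NULL check in those modules, or a documented non-NULL contract for the fsp argument, would close that. I would also add a comment above the call, `/* Stacked VFS modules dereference fsp; never pass NULL to SMB_VFS_GET_COMPRESSION. */`; the rest of the signature and the `err_ctx_free`/`err_out` labels are outside the hunk.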