From bc234a183fbdade83a2c0e158ef9d91c83ea5ab6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 14 Jun 2018 10:12:03 -0700 Subject: [PATCH] pysmbd: Don't return an ACL on a freed talloc_stackframe. Signed-off-by: Jeremy Allison --- source3/smbd/pysmbd.c | 51 +++++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 4e4299ca5d7..5e35a6201eb 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -260,106 +260,105 @@ static int set_acl_entry_perms(SMB_ACL_ENTRY_T entry, mode_t perm_mask) return 0; } -static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode) +static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx, + gid_t gid, + mode_t chmod_mode) { - TALLOC_CTX *frame = talloc_stackframe(); - mode_t mode = SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE; mode_t mode_user = (chmod_mode & 0700) >> 6; mode_t mode_group = (chmod_mode & 070) >> 3; mode_t mode_other = chmod_mode & 07; SMB_ACL_ENTRY_T entry; - SMB_ACL_T acl = sys_acl_init(frame); + SMB_ACL_T acl = sys_acl_init(mem_ctx); if (!acl) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_create_entry(&acl, &entry) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_set_tag_type(entry, SMB_ACL_USER_OBJ) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (set_acl_entry_perms(entry, mode_user) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_create_entry(&acl, &entry) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP_OBJ) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (set_acl_entry_perms(entry, mode_group) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_create_entry(&acl, &entry) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_set_tag_type(entry, SMB_ACL_OTHER) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (set_acl_entry_perms(entry, mode_other) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (gid != -1) { if (sys_acl_create_entry(&acl, &entry) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_set_tag_type(entry, SMB_ACL_GROUP) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_set_qualifier(entry, &gid) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (set_acl_entry_perms(entry, mode_group) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } } if (sys_acl_create_entry(&acl, &entry) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (sys_acl_set_tag_type(entry, SMB_ACL_MASK) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } if (set_acl_entry_perms(entry, mode) != 0) { - TALLOC_FREE(frame); + TALLOC_FREE(acl); return NULL; } - TALLOC_FREE(frame); return acl; } @@ -381,10 +380,14 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject &fname, &mode, &gid, &service)) return NULL; - acl = make_simple_acl(gid, mode); - frame = talloc_stackframe(); + acl = make_simple_acl(frame, gid, mode); + if (acl == NULL) { + TALLOC_FREE(frame); + return NULL; + } + conn = get_conn_tos(service); if (!conn) { TALLOC_FREE(frame); -- 2.18.0.rc1.244.gcf134e6275-goog