[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Thu Oct 1 06:59:02 UTC 2015 

The branch, master has been updated
       via  f9ceaf4 s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).
       via  bec685f s3: smbd: fix a crash in unix_convert()
      from  00954a9 lib: We can do ACCRIGHTS style fdpassing

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f9ceaf443991e0bb5db23eeced2841436f47359e
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 30 17:12:11 2015 -0700

    s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).
    
    Ensure dirpath can never be NULL.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Thu Oct  1 08:58:36 CEST 2015 on sn-devel-104

commit bec685fb13e7cbe3bb98e5647183720d31f1c522
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Sep 25 21:06:57 2015 +0200

    s3: smbd: fix a crash in unix_convert()
    
    Some error code paths may result in dirpath being NULL.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/filename.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 3ed60e2..555658d 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -388,6 +388,12 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 					status = map_nt_error_from_unix(errno);
 					goto err;
 				}
+				/* dirpath must exist. */
+				dirpath = talloc_strdup(ctx,"");
+				if (dirpath == NULL) {
+					status = NT_STATUS_NO_MEMORY;
+					goto err;
+				}
 				DEBUG(5, ("conversion finished %s -> %s\n",
 					orig_path,
 					smb_fname->base_name));
@@ -1013,7 +1019,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 	return NT_STATUS_OK;
  fail:
 	DEBUG(10, ("dirpath = [%s] start = [%s]\n", dirpath, start));
-	if (*dirpath != '\0') {
+	if (dirpath && *dirpath != '\0') {
 		smb_fname->base_name = talloc_asprintf(smb_fname, "%s/%s",
 						       dirpath, start);
 	} else {


-- 
Samba Shared Repository

More information about the samba-cvs mailing list