[SCM] Samba Shared Repository - branch master updated
David Disseldorp
ddiss at samba.org
Fri Mar 15 11:33:02 UTC 2019
The branch, master has been updated
via 1375e08580d smbd: fix check_parent_access() talloc stackframe leaks
from edd4a23d763 ctdb-version: Simplify version string usage
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1375e08580d642c069170e3e3bddc690bf3c5e89
Author: David Disseldorp <ddiss at samba.org>
Date: Tue Mar 12 18:49:09 2019 +0100
smbd: fix check_parent_access() talloc stackframe leaks
check_parent_access() currently leaks a number of allocations onto the
talloc_tos() context in both success and error paths.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri Mar 15 11:32:04 UTC 2019 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/open.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index bab9286751f..22f6715c6c0 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -258,21 +258,24 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
uint32_t name_hash;
bool delete_on_close_set;
int ret;
+ TALLOC_CTX *frame = talloc_stackframe();
- if (!parent_dirname(talloc_tos(),
+ if (!parent_dirname(frame,
smb_fname->base_name,
&parent_dir,
NULL)) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
}
- parent_smb_fname = synthetic_smb_fname(talloc_tos(),
+ parent_smb_fname = synthetic_smb_fname(frame,
parent_dir,
NULL,
NULL,
smb_fname->flags);
if (parent_smb_fname == NULL) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
}
if (get_current_uid(conn) == (uid_t)0) {
@@ -281,13 +284,14 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
"on %s. Granting 0x%x\n",
smb_fname_str_dbg(smb_fname),
(unsigned int)access_mask ));
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+ goto out;
}
status = SMB_VFS_GET_NT_ACL(conn,
parent_smb_fname,
SECINFO_DACL,
- talloc_tos(),
+ frame,
&parent_sd);
if (!NT_STATUS_IS_OK(status)) {
@@ -295,7 +299,7 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
"%s with error %s\n",
parent_dir,
nt_errstr(status)));
- return status;
+ goto out;
}
/*
@@ -322,14 +326,16 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
access_mask,
access_granted,
nt_errstr(status) ));
- return status;
+ goto out;
}
if (!(access_mask & (SEC_DIR_ADD_FILE | SEC_DIR_ADD_SUBDIR))) {
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+ goto out;
}
if (!lp_check_parent_directory_delete_on_close(SNUM(conn))) {
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+ goto out;
}
/* Check if the directory has delete-on-close set */
@@ -346,7 +352,7 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
goto out;
}
- lck = get_existing_share_mode_lock(talloc_tos(), id);
+ lck = get_existing_share_mode_lock(frame, id);
if (lck == NULL) {
status = NT_STATUS_OK;
goto out;
@@ -361,8 +367,7 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
status = NT_STATUS_OK;
out:
- TALLOC_FREE(lck);
- TALLOC_FREE(parent_smb_fname);
+ TALLOC_FREE(frame);
return status;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list