[SCM] Samba Shared Repository - branch master updated

Noel Power npower at samba.org
Mon Aug 14 18:12:01 UTC 2023


The branch, master has been updated
       via  044cb8f9d55 mdssvc: Do an early talloc_free() in _mdssvc_open()
      from  5379b8d557a s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 044cb8f9d558bfcd7658cae0f05ff36330538748
Author: Jones Syue <jonessyue at qnap.com>
Date:   Mon Aug 7 17:08:29 2023 +0800

    mdssvc: Do an early talloc_free() in _mdssvc_open()
    
    Environment setup:
    When macOS Finder connects to a samba server with 'spotlight = yes',
    macOS issues an mdssvc open (mdssvc.opnum == 0) to samba and it goes
    through the api _mdssvc_open().
    
    After applying 578e434a94147dc2d7dbfc006d2ab84807859c1d
    (this is reported by jaywei at qnap.com),
    the line 'talloc_free(path);' is deleted when _mdssvc_open() exits normally,
    so the memory is de-allocated lazily: delayed to
    smbd_tevent_trace_callback() @ smb2_process.c. [1]
    
    'path' is supposed to be freed explicitly in _mdssvc_open() @ srv_mdssvc_nt.c [2],
    just like on abnormal exit; do not wait for the main loop to free 'path', which is
    no longer used. This is more consistent when reading the source code.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15449
    
    [1] gdb tracing 'path' address 0x56204ccc67e0 to know how it is freed.
    Breakpoint 2, _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
    1656            while (tc->child) {
    (gdb) bt
    0  _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
    1  0x00007ff430d92b14 in _tc_free_internal (tc=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1183
    2  0x00007ff430d93b71 in _tc_free_children_internal (tc=0x56204ccc6720, ptr=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1668
    3  0x00007ff430d93d66 in talloc_free_children (ptr=0x56204ccc6780) at ../../lib/talloc/talloc.c:1714
    4  0x00007ff432235aca in talloc_pop (frame=0x56204ccc6780) at ../../lib/util/talloc_stack.c:125
    5  0x00007ff430d92959 in _tc_free_internal (tc=0x56204ccc6720, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1157
    6  0x00007ff430d92cd5 in _talloc_free_internal (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1247
    7  0x00007ff430d93f96 in _talloc_free (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1791
    8  0x00007ff431d81292 in smbd_tevent_trace_callback (point=TEVENT_TRACE_AFTER_LOOP_ONCE, private_data=0x7ffe46591e30) at ../../source3/smbd/process.c:3726
    <...cut...>
    
    [2] gdb tracing 'path' address 0x55a6d66deed0 to know how it is freed.
    Breakpoint 2, _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
    1656            while (tc->child) {
    (gdb) bt
    0  _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
    1  0x00007fc4cb892b14 in _tc_free_internal (tc=0x55a6d66deed0, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1183
    2  0x00007fc4cb892cd5 in _talloc_free_internal (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1247
    3  0x00007fc4cb893f96 in _talloc_free (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1791
    4  0x00007fc4cc9396e4 in _mdssvc_open (p=0x55a6d66d5600, r=0x55a6d66edc60) at ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189
    <...cut...>
    
    Signed-off-by: Jones Syue <jonessyue at qnap.com>
    Reviewed-by: Noel Power <npower at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Mon Aug 14 18:11:37 UTC 2023 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 1 +
 1 file changed, 1 insertion(+)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
index c77e7185521..9a166244df5 100644
--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
@@ -135,6 +135,7 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
 	}
 
 	strlcpy(outpath, fake_path, 1024);
+	talloc_free(path);
 	talloc_free(fake_path);
 	return;
 }
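
Review bot: At the added `talloc_free(path);`, which now runs before `talloc_free(fake_path);`, the hunk does not show which talloc context fake_path was allocated under; if it is a child of path, freeing path first already releases it and the following line frees it a second time. Please confirm fake_path hangs off a different parent, or swap the two frees so the order is safe either way. Separately, the commit message says the abnormal exits free 'path' on their own and that this line was dropped once already by 578e434a94147dc2d7dbfc006d2ab84807859c1d, so a single cleanup label, or a talloc_stackframe() parent for both allocations, would keep a future early return from missing it again.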


-- 
Samba Shared Repository


