[SCM] Samba Shared Repository - branch v4-21-test updated
Jule Anger
janger at samba.org
Mon Aug 26 11:10:01 UTC 2024
The branch, v4-21-test has been updated
via 37bbe0ca09e s3:smbd: fix NULL dereference in case of readlink failure
from 0d41094f130 lib/param: Don't treat a missing include file as an error in handle_include().
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit 37bbe0ca09e4b8db52937b0b9bc9c9fad47a115f
Author: Shachar Sharon <ssharon at redhat.com>
Date: Thu Aug 22 14:44:28 2024 +0300
s3:smbd: fix NULL dereference in case of readlink failure
When VFS readlinkat hook returns with error the following sequence
yields NULL-pointer dereference (SIGSEGV):
  symlink_target_below_conn (source3/smbd/open.c)
    char *target = NULL;
    ...
    readlink_talloc (source3/smbd/files.c)
      SMB_VFS_READLINKAT
        smb_vfs_call_readlinkat (source3/smbd/vfs.c)
          handle->fns->readlinkat_fn --> returns error
    status = safe_symlink_target_path(.., target /* NULL */ ..)
      safe_symlink_target_path (source3/smbd/filename.c)
        if (target[0] == '/') { /* NULL pointer dereference */
A failure in VFS module's readlinkat hook may happen due to run-time
error (e.g., network failure which causes libcephfs to disconnect from
MDS).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224
(cherry picked from commit 168966a053045476a84044aa73f66722eb702fe0)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Mon Aug 26 11:09:31 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/open.c | 4 ++++
1 file changed, 4 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 7999b3f082e..f2c5c17bbd0 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -582,6 +582,10 @@ static NTSTATUS symlink_target_below_conn(
talloc_tos(), dirfsp, symlink_name, &target);
}
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
status = safe_symlink_target_path(talloc_tos(),
connection_path,
dirfsp->fsp_name->base_name,
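Review bot: The early return added before the safe_symlink_target_path() call guards only this caller; going by the trace in the commit message, safe_symlink_target_path() itself still evaluates target[0] with no NULL check, so any other path that reaches it with a NULL target would crash the same way. Consider also rejecting a NULL target at the top of that function so the callee does not rely on every caller checking status first. The new branch returns silently, so a debug message carrying nt_errstr(status) and the symlink name would help when diagnosing a backend failure like the libcephfs disconnect described. The diffstat lists only source3/smbd/open.c, so no regression test accompanies the fix; a test with a VFS module whose readlinkat hook fails would keep this from regressing.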
--
Samba Shared Repository