[SCM] Samba Shared Repository - branch v4-20-test updated

Jule Anger janger at samba.org
Mon Aug 26 15:46:02 UTC 2024


The branch, v4-20-test has been updated
       via  f7dc86c173e s3:smbd: fix NULL dereference in case of readlink failure
      from  b9d9bec51c3 vfs_ceph{_new}: do not set errno upon successful call to libcephfs

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test


- Log -----------------------------------------------------------------
commit f7dc86c173e6c766ffc5df09f58d2086e3c6a7eb
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Thu Aug 22 14:44:28 2024 +0300

    s3:smbd: fix NULL dereference in case of readlink failure
    
    When VFS readlinkat hook returns with error the following sequence
    yields NULL-pointer dereference (SIGSEGV):
    
      symlink_target_below_conn (source3/smbd/open.c)
        char *target = NULL;
        ...
        readlink_talloc (source3/smbd/files.c)
          SMB_VFS_READLINKAT
            smb_vfs_call_readlinkat (source3/smbd/vfs.c)
              handle->fns->readlinkat_fn --> returns error
    
      status = safe_symlink_target_path(.., target /* NULL */ ..)
        safe_symlink_target_path (source3/smbd/filename.c)
          if (target[0] == '/') { /* NULL pointer dereference */
    
    A failure in VFS module's readlinkat hook may happen due to run-time
    error (e.g., network failure which causes libcephfs to disconnect from
    MDS).
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: John Mulligan <jmulligan at redhat.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 168966a053045476a84044aa73f66722eb702fe0)
    
    Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-20-test): Mon Aug 26 15:45:20 UTC 2024 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/open.c | 4 ++++
 1 file changed, 4 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 95034b147a8..fbbf088e9a1 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -592,6 +592,10 @@ static NTSTATUS symlink_target_below_conn(
 			talloc_tos(), dirfsp, symlink_name, &target);
 	}
 
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	status = safe_symlink_target_path(talloc_tos(),
 					  connection_path,
 					  dirfsp->fsp_name->base_name,
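
Review bot: the new `if (!NT_STATUS_IS_OK(status))` return guards only this call site, while the callee is left as it was. The diffstat shows only source3/smbd/open.c changed, so safe_symlink_target_path() in source3/smbd/filename.c still evaluates `target[0] == '/'` with no NULL check, as the commit message describes. Any other caller that reaches it with a NULL target would hit the same SIGSEGV. Consider also rejecting a NULL target at the top of safe_symlink_target_path() so the callee does not depend on every caller getting this right. Separately, the early return is silent: a debug-level log of symlink_name and nt_errstr(status) just before `return status;` would make a readlinkat failure in the VFS module (the libcephfs disconnect case from the commit message) visible in smbd logs instead of showing up only as a failed open.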


-- 
Samba Shared Repository


