[PATCH] [SAMBA3] missing ACL can cause segv

[James Peach]

Hi all,

In check_posix_acl_group_write, if ACL supoprt is compiled in but the
file is question does not have any ACLs (or the running system does not
support ACLs), we attempt to free a NULL pointer, leading to the
following stack trace:

  BACKTRACE: 18 stack frames:
   #0 0x102fff1c smb_panic2
   #1 0x102ffa98 smb_panic
   #2 0x102d5e08 fault_report
   #3 0x102d5eb8 sig_fault
   #4 0xfaefcec _sigtramp
   #5 0x10100038 sys_acl_free_acl
   #6 0x100ed2ec vfswrap_sys_acl_free_acl
   #7 0x100ff0c0 check_posix_acl_group_write
   #8 0x100ff4c0 can_write_to_file
   #9 0x100d4f68 dos_mode_from_sbuf
   #10 0x100d6540 dos_mode
   #11 0x100c44c8 call_trans2qfilepathinfo
   #12 0x100d2014 reply_trans2
   #13 0x1010317c switch_message
   #14 0x101032a4 construct_reply
   #15 0x10103970 process_smb
   #16 0x101052c4 smbd_process
   #17 0x103dc670 main

The attached patch against svn HEAD fixes the problem.

-- 
James Peach | jpeach at sgi.com | SGI Australian Software Group
I don't speak for SGI.
-------------- next part --------------
Index: source/smbd/posix_acls.c
===================================================================
--- source/smbd/posix_acls.c	(revision 7671)
+++ source/smbd/posix_acls.c	(working copy)
@@ -3970,7 +3970,9 @@
 
   done:
 
-	SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
+	if (posix_acl) {
+	    SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
+	}
 
 	DEBUG(10,("check_posix_acl_group_write: file %s returning (ret = %d).\n", fname, ret ));
 	return ret;