[PATCH 3/6] s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
Christian Ambach
ambi at samba.org
Fri Nov 16 15:50:33 MST 2012
sys_acl_init returns a SMB_ACL_T with zero entries in the acl array
reallocate the array to proper size before filling it, otherwise we overwrite memory
This one is a result of an improper fixing in 7a6182962966e5edb42728c8
Signed-off-by: Christian Ambach <ambi at samba.org>
---
source3/modules/vfs_gpfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index e425d2f..f5ac7eb 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -573,6 +573,8 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
}
result->count = pacl->acl_nace;
+ result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
+ result->count);
for (i=0; i<pacl->acl_nace; i++) {
struct smb_acl_entry *ace = &result->acl[i];
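Review bot: the return value of talloc_realloc() on the added lines is never checked, and result->count has already been set to pacl->acl_nace, so on allocation failure the loop that follows takes &result->acl[i] from a NULL array and writes through it. Please test result->acl right after the call and bail out (free result, set errno to ENOMEM, return NULL) before entering the loop. Two details to cover while there: talloc_realloc() with a count of zero frees the array and returns NULL, so the check should only treat NULL as an error when result->count is non-zero; and assigning result->count after a successful reallocation keeps the count and the array size consistent on the error path.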
--
1.7.11.7