[PATCH 1/2] Fix bug #9329 - Directory listing with SeBackup can crash smbd.
Jeremy Allison
jra at samba.org
Mon Oct 29 15:41:16 MDT 2012
On Tue, Oct 30, 2012 at 08:32:29AM +1100, Andrew Bartlett wrote:
>
> I was more meaning going back to your original patch, which then used
> conn. I guess your point is that while it is always valid, it may not
> be always correct,

Yes, that's exactly the point!

> if for the delete on close case, we don't happen to
> pass down the nttoken that needs to be used.

The problem with the delete-on-close case is that
the token being used exists independently of the one
attached to the conn struct. So once we've done the
set_sec_ctx() inside the delete-on-close case, if
we then do a become_root() the only place to find
the correct token is to look up the stack for the
previous valid one (the one set by the set_sec_ctx()).

We could change become_root() under the covers
to always dup the previous valid token (which is
a change I did consider) but then that's an
extra malloc/memcpy/free on every become_root()/
unbecome_root() pair when it's only needed for
this very unlikely code path.

So I added the complexity into the unlikely
path so we only pay the cost of the search
there.

Hope this helps explain things!

Jeremy.
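
A small C model of the lookup described in this message, added here as an illustration and not taken from the Samba source or from either poster: the root switch stays cheap and copies nothing, and only the rare delete-on-close path walks down the stack for the nearest valid token. All names (`push_ctx`, `become_root_model`, `previous_valid_token`, the `token` struct) are hypothetical, and the model assumes the root entry carries no token of its own.

```c
#include <stdio.h>
#define MAX_DEPTH 8

/* Simplified stand-in for an NT token (not Samba's structure). */
struct token { const char *owner; };
struct ctx_entry { unsigned uid; const struct token *token; }; /* NULL = no token */

static struct ctx_entry ctx_stack[MAX_DEPTH];
static int ctx_top = -1; /* index of the current context, -1 when empty */

/* Model of switching to a new context one level up the stack. */
static int push_ctx(unsigned uid, const struct token *tok)
{
    if (ctx_top + 1 >= MAX_DEPTH) return -1;
    ctx_stack[++ctx_top] = (struct ctx_entry){ uid, tok };
    return 0;
}

/* Assumption: the root entry carries no token and nothing is copied. */
static int become_root_model(void) { return push_ctx(0, NULL); }
static void pop_ctx(void) { if (ctx_top >= 0) ctx_top--; }

/* Search paid for only on the rare path: nearest entry, top down, with a token. */
static const struct token *previous_valid_token(void)
{
    for (int i = ctx_top; i >= 0; i--)
        if (ctx_stack[i].token != NULL) return ctx_stack[i].token;
    return NULL;
}

/* Constructed sample tokens. */
static const struct token conn_token = { "conn-user" }, doc_token = { "delete-on-close-opener" };

/* Returns the token found while root inside the delete-on-close path. */
static const struct token *delete_on_close_lookup(void)
{
    ctx_top = -1;
    push_ctx(1000, &conn_token);  /* token attached to the connection */
    push_ctx(1001, &doc_token);   /* independent token set for the delete */
    become_root_model();          /* current entry now has no token */
    const struct token *found = previous_valid_token();
    pop_ctx();                    /* leave root */
    pop_ctx();                    /* leave the delete-on-close context */
    return found;
}

int main(void)
{
    const struct token *t = delete_on_close_lookup();
    printf("token found while root: %s\n", t ? t->owner : "(none)");
    return 0;
}
```

In this model the search returns the delete-on-close token rather than the connection's token, which is the "valid but not always correct" distinction discussed above.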