[PATCH 1/2] Fix bug #9329 - Directory listing with SeBackup can crash smbd.

Jeremy Allison jra at samba.org
Mon Oct 29 15:41:16 MDT 2012

On Tue, Oct 30, 2012 at 08:32:29AM +1100, Andrew Bartlett wrote:
> I was more meaning going back to your original patch, which then used
> conn.  I guess your point is that while it is always valid, it may not
> be always correct,

Yes, that's exactly the point !

> if for the delete on close case, we don't happen to
> pass down the nttoken that needs to be used.

The problem with the delete-on-close case is that
the token being used exists independently of the one
attached to the conn struct. So once we've done the
set_sec_ctx() inside the delete-on-close case, if
we then do a become_root() the only place to find
the correct token is to look up the stack for the
previous valid one (the one set by the set_sec_ctx()).

We could change become_root() under the covers
to always dup the previous valid token (which is
a change I did consider) but then that's an
extra malloc/memcpy/free on every become_root()/
unbecome_root() pair when it's only needed for
this very unlikely code path.

So I added the complexity into the unlikely
path so we only pay the cost of the search

Hope this helps explain things !


More information about the samba-technical mailing list