[PATCH 1/2] Fix bug #9329 - Directory listing with SeBackup can crash smbd.

Andrew Bartlett abartlet at samba.org
Mon Oct 29 15:44:20 MDT 2012


On Mon, 2012-10-29 at 14:41 -0700, Jeremy Allison wrote:
> On Tue, Oct 30, 2012 at 08:32:29AM +1100, Andrew Bartlett wrote:
> > 
> > I was more meaning going back to your original patch, which then used
> > conn.  I guess your point is that while it is always valid, it may not
> > be always correct,
> 
> Yes, that's exactly the point !
> 
> > if for the delete on close case, we don't happen to
> > pass down the nttoken that needs to be used.
> 
> The problem with the delete-on-close case is that
> the token being used exists independently of the one
> attached to the conn struct. So once we've done the
> set_sec_ctx() inside the delete-on-close case, if
> we then do a become_root() the only place to find
> the correct token is to look up the stack for the
> previous valid one (the one set by the set_sec_ctx()).
> 
> We could change become_root() under the covers
> to always dup the previous valid token (which is
> a change I did consider) but then that's an
> extra malloc/memcpy/free on every become_root()/
> unbecome_root() pair when it's only needed for
> this very unlikely code path.
> 
> So I added the complexity into the unlikely
> path so we only pay the cost of the search
> there.
> 
> Hope this helps explain things !

Thanks for your patience on this.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
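
The trade-off described in the quoted text above, as an added example (not Samba's code and not written by either poster): a simplified security-context stack in which the become_root()-style push copies no token, and only the rare lookup pays for a walk back to the nearest frame holding one. All model_* names, the uids and the token labels are constructed for illustration.

```c
#include <stdio.h>

#define MAX_DEPTH 8

/* Constructed stand-in for an NT token: only a label is needed here. */
struct model_token { const char *label; };

/* One stack frame: the uid in effect and, optionally, the token for it. */
struct model_ctx {
    unsigned uid;
    const struct model_token *token;   /* NULL when the frame carries none */
};

static struct model_ctx stack[MAX_DEPTH];
static int top = -1;                   /* index of the current frame */

/* Push a frame with an explicit token (the set_sec_ctx() role). */
static int model_set_ctx(unsigned uid, const struct model_token *tok)
{
    if (top + 1 >= MAX_DEPTH) return -1;
    stack[++top] = (struct model_ctx){ uid, tok };
    return 0;
}

/* Push a root frame without duplicating any token (the become_root() role). */
static int model_become_root(void) { return model_set_ctx(0, NULL); }

/* Pop the current frame (the unbecome_root() role). */
static void model_pop(void) { if (top >= 0) top--; }

/* Walk down from the current frame to the nearest one that holds a token. */
static const struct model_token *model_active_token(void)
{
    for (int i = top; i >= 0; i--)
        if (stack[i].token != NULL) return stack[i].token;
    return NULL;                       /* nothing found: caller must deny */
}

int main(void)
{
    struct model_token conn_tok = { "token attached to conn" };
    struct model_token doc_tok  = { "delete-on-close token" };
    model_set_ctx(1000, &conn_tok);    /* normal request context */
    model_set_ctx(1001, &doc_tok);     /* delete-on-close switches context */
    model_become_root();               /* privileged section, no token copy */
    printf("active token: %s\n", model_active_token()->label);
    model_pop();
    return 0;
}
```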