Fix empty ACLs with nfs4 vfs module

Alexander Werth werth at linux.vnet.ibm.com
Wed Oct 30 09:04:35 MDT 2013 


On Wed, 2013-10-30 at 14:58 +0100, David Disseldorp wrote:
> Hi Alexander,
> 
> Your changes look good. One minor comment...
> 
> On Wed, 30 Oct 2013 13:45:21 +0100
> Alexander Werth <werth at linux.vnet.ibm.com> wrote:
> 
> > -	nt_ace_list = (struct security_ace *)TALLOC_REALLOC(mem_ctx,
> > -					nt_ace_list,
> > -					good_aces * sizeof(struct security_ace));
> > +	nt_ace_list = (struct security_ace *)
> > +		TALLOC_REALLOC(mem_ctx, nt_ace_list,
> > +			       good_aces * sizeof(struct security_ace));
> > +	if (good_aces == 0) /* realloc to zero size is a free.*/
> > +		nt_ace_list = (struct security_ace *)TALLOC_SIZE(mem_ctx, 0);
> >  	if (nt_ace_list == NULL) {
> > +		DEBUG(10, ("realloc error with %d aces", good_aces));
> >  		errno = ENOMEM;
> >  		return false;
> >  	}
> 
> I'd prefer an explicit TALLOC_FREE(), and return a NULL nt_ace_list in
> such a case. The subsequent make_sec_acl() call doesn't require a valid
> ptr when num_aces == 0. e.g.

Good point. I overlooked this check in make_sec_acl().
That actually simplifies the patch even further since a null return
value is not an error if there are zero ace's.

-	nt_ace_list = (struct security_ace *)TALLOC_REALLOC(mem_ctx,
-					nt_ace_list,
-					good_aces * sizeof(struct security_ace));
-	if (nt_ace_list == NULL) {
+	nt_ace_list = (struct security_ace *)
+		TALLOC_REALLOC(mem_ctx, nt_ace_list,
+			       good_aces * sizeof(struct security_ace));
+	if (good_aces && nt_ace_list == NULL) {
+		DEBUG(10, ("realloc error with %d aces", good_aces));
 		errno = ENOMEM;
 		return false;
 	}


Cheers Alexander

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-modules-Fix-realloc-with-zero-sized-ACLs.patch
Type: text/x-patch
Size: 1422 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131030/447ea42a/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-s3-modules-nfs4_acls-ACLs-with-zero-entries-are-fine.patch
Type: text/x-patch
Size: 1952 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131030/447ea42a/attachment-0001.bin>

More information about the samba-technical mailing list