[PATCH] invalid read of deleted memory in
Jeremy Allison
jra at samba.org
Thu Feb 27 10:13:06 MST 2014
On Thu, Feb 27, 2014 at 03:47:32PM +0000, Noel Power wrote:
> Hi,
>
> small and probably naive patch for a valgrind error
>
> Noel
> From 1f962a57ab686f4a5f45d799571e4e9afc8b0440 Mon Sep 17 00:00:00 2001
> From: Noel Power <noel.power at suse.com>
> Date: Thu, 27 Feb 2014 14:52:45 +0000
> Subject: [PATCH] fix read of deleted memory in reply_writeclose
>
> While running smbtorture test raw.write under valgrind an "Invalid read"
> was reported in method reply_writeclose, it seems after closing a file
> sometime later we try to access it again.
>
> Signed-off-by: Noel Power <noel.power at suse.com>
> ---
> source3/smbd/reply.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
> index 6b56239..bf90662 100644
> --- a/source3/smbd/reply.c
> +++ b/source3/smbd/reply.c
> @@ -5223,6 +5223,8 @@ void reply_writeclose(struct smb_request *req)
> if(!NT_STATUS_IS_OK(close_status)) {
> reply_nterror(req, close_status);
> goto strict_unlock;
> + } else {
> + fsp = NULL;
> }
>
> reply_outbuf(req, 1, 0);
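Review bot: the added else branch clears fsp only when close_status is OK, while the error branch just above it still does goto strict_unlock with fsp unchanged, and that label reads fsp->print_file. If the close has already released fsp by that point, the invalid read remains on the error path. Suggest setting fsp = NULL unconditionally right after the close call rather than in an else, which also avoids an else following a branch that ends in goto.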
> @@ -5230,7 +5232,7 @@ void reply_writeclose(struct smb_request *req)
> SSVAL(req->outbuf,smb_vwv0,nwritten);
>
> strict_unlock:
> - if (numtowrite && !fsp->print_file) {
> + if (numtowrite && fsp && !fsp->print_file) {
> SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
> }
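Review bot: with fsp set to NULL on the success path, the added fsp test at strict_unlock means SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock) is no longer called after a successful write and close, even when numtowrite is non-zero. The unlock itself takes fsp, so it needs a valid one; consider performing the unlock before the file is closed instead of skipping it here, and state in the commit message which behaviour is intended.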
Thanks for pointing that out ! It's actually worse
than that in that after we call close_file(..., fsp, ...)
we shouldn't be touching fsp again.
I'll update your fix and re-submit.
Thanks !
Jeremy.