Is there a potential NULL-pointer de-reference in sourc3/modules/vfs_glusterfs.c?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Sep 10 05:06:33 UTC 2015
On Wed, Sep 09, 2015 at 01:21:41PM -0700, Richard Sharpe wrote:
> Hi folks,
>
> In vfs_gluster_open (current master) we see:
>
> p_tmp = (glfs_fd_t **)VFS_ADD_FSP_EXTENSION(handle, fsp,
> glfs_fd_t *, NULL);
> *p_tmp = glfd;
>
>
> Shouldn't that last line be:
>
> if (p_tmp) *t_tmp = glfd
>
> and maybe some other error checking?
Yes, you are right. Although if that call fails it might be reasonable
to assume that there's nothing better to do than crash :-)
The other thing: gluster_open always returns the same leet fd. I'm not
sure how other parts of Samba like this. In previous versions we had the
deferred close queue implemented higher up. This would fail miserably
with all fd's being the same. I would not count on Samba to never index
anything based on the fd.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list