[PATCH] Fix smbd panic if we chdir() to an unreadable directory.

Jeremy Allison jra at samba.org
Fri Oct 6 21:56:50 UTC 2017


Hi folks,

Currently smbd will (deliberately) panic in the
vfs_ChDir() wrapper function if we chdir() to a
directory, and then the following getwd() fails.
We do this as lots of smbd internals depend on keeping
the $cwd state correctly cached and also stored on the
connection struct.

This is always true on Linux - if we can chdir()
to a directory we can always read /proc/self/cwd.

However:

bug: https://bugzilla.samba.org/show_bug.cgi?id=13027

shows that under Solaris and other Solaris-OS-forks
this is not always the case, so on those systems
smbd panics if the share has any search-only directories
with readable subdirectories.

The following patch changes the wrapper vfs_ChDir()
function to save the $cwd state (held on the connection
struct), and if the chdir() succeeds but the following
getwd() fails, does a chdir() to the saved $cwd state and
returns fail for the original chdir() request with -1
instead of panicking.

If there's no existing $cwd state (first use of share)
or if the return to stored $cwd chdir() fails we still
panic, so this fails safe.

Bug reporter has confirmed this fixes his issue.

This is a master and 4.7.x-only fix as it relies on the
struct smb_filename plumbing through the VFS.

Please review and push if happy.

Cheers,

	Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-smbd-Currently-if-getwd-fails-after-a-chdir-we-pa.patch
Type: text/x-diff
Size: 3162 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171006/47f53e3a/0001-s3-smbd-Currently-if-getwd-fails-after-a-chdir-we-pa.diff>
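
The save-and-restore behaviour described in the message, as an added example; it is not Samba's code and not the attached patch. `struct conn`, `chdir_checked()` and the injectable getwd hook are hypothetical names, and `denied_getwd()` is a constructed stand-in for a getwd() that fails in a search-only directory.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical stand-in for the $cwd state cached on the connection struct. */
struct conn { char cwd[PATH_MAX]; int have_cwd; };

/* getwd hook, so a failing getwd() can be simulated on any platform. */
typedef char *(*getwd_fn)(char *buf, size_t len);

char *real_getwd(char *buf, size_t len) { return getcwd(buf, len); }

/* Constructed failure: chdir() worked, but the directory is not readable. */
char *denied_getwd(char *buf, size_t len)
{
    (void)buf; (void)len;
    errno = EACCES;
    return NULL;
}

/* Returns 0 on success, -1 if chdir() was refused or had to be rolled back.
 * Calls abort() when the process cwd can no longer be matched to the cache. */
int chdir_checked(struct conn *c, const char *path, getwd_fn getwd_hook)
{
    char now[PATH_MAX];
    int saved_errno;

    if (chdir(path) != 0)
        return -1;                  /* cwd unchanged, cache still valid */
    if (getwd_hook(now, sizeof(now)) != NULL) {
        memcpy(c->cwd, now, strlen(now) + 1);  /* both buffers are PATH_MAX */
        c->have_cwd = 1;
        return 0;
    }
    saved_errno = errno;
    /* No saved state (first use of share) or the return chdir() fails:
     * the cache cannot be trusted, so fail safe by aborting. */
    if (!c->have_cwd || chdir(c->cwd) != 0)
        abort();
    errno = saved_errno;            /* tell the caller why the request failed */
    return -1;
}
```
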

