[PATCH] Fix crash with MacOSX running against vfs_btrfs.

Jeremy Allison jra at samba.org
Thu Sep 7 17:47:42 UTC 2017 

On Thu, Aug 31, 2017 at 04:29:13PM -0700, Jeremy Allison wrote:
> Fix from Justin Maggard <jmaggard at netgear.com>.
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
> 
> Can I get a second Team reviewer ?

Ping ! Second reviewer ? Looks a really small well-contained
fix !

Jeremy.

> From b2e2b33865acb3eac2973dea5097bd31151f4b02 Mon Sep 17 00:00:00 2001
> From: Justin Maggard <jmaggard at netgear.com>
> Date: Wed, 30 Aug 2017 17:36:43 -0700
> Subject: [PATCH] s3: vfs: Pass a valid fsp to SMB_VFS_GET_COMPRESSION
> 
> We need to pass a valid fsp to SMB_VFS_GET_COMPRESSION(), or we will
> crash.
> 
> If we combine vfs_btrfs with (at least) vfs_catia or vfs_streams_xattr,
> we hit a NULL pointer in vfs_memctx_fsp_extension(). This appears to be
> because vfs_btrfs enables compression support, and when MacOS connects
> it calls dos_mode_check_compressed() which calls SMB_VFS_GET_COMPRESSION
> with a NULL files_struct pointer. This gets passed around until it finally
> gets dereferenced in vfs_memctx_fsp_extension().
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
> 
> Signed-off-by: Justin Maggard <jmaggard at netgear.com>
> Reviewed-by: Jeremy Allison <jra at samba.org>
> ---
>  source3/smbd/dosmode.c | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
> index 3181f2e78a9..6e0ab1bbda1 100644
> --- a/source3/smbd/dosmode.c
> +++ b/source3/smbd/dosmode.c
> @@ -579,14 +579,27 @@ static NTSTATUS dos_mode_check_compressed(connection_struct *conn,
>  {
>  	NTSTATUS status;
>  	uint16_t compression_fmt;
> +	bool need_close = false;
> +	files_struct *fsp = NULL;
>  	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
>  	if (tmp_ctx == NULL) {
>  		status = NT_STATUS_NO_MEMORY;
>  		goto err_out;
>  	}
>  
> -	status = SMB_VFS_GET_COMPRESSION(conn, tmp_ctx, NULL, smb_fname,
> +	status = get_file_handle_for_metadata(conn,
> +					      smb_fname,
> +					      &fsp,
> +					      &need_close);
> +	if (!NT_STATUS_IS_OK(status)) {
> +		goto err_ctx_free;
> +	}
> +
> +	status = SMB_VFS_GET_COMPRESSION(conn, tmp_ctx, fsp, smb_fname,
>  					 &compression_fmt);
> +	if (need_close) {
> +		close_file(NULL, fsp, NORMAL_CLOSE);
> +	}
>  	if (!NT_STATUS_IS_OK(status)) {
>  		goto err_ctx_free;
>  	}
> -- 
> 2.14.1.581.gf28d330327-goog
>

More information about the samba-technical mailing list