Leak of file descriptor in samba 4.5.11

Jeremy Allison jra at samba.org
Thu Feb 22 20:03:38 UTC 2018


On Wed, Feb 14, 2018 at 01:36:14PM -0800, Jeremy Allison wrote:
> 
> Hi Arjit,
> 
> I think your analysis is correct here (we should be using
> fd_close() instead of dptr_CloseDir()). I think the reason
> it is biting you and not others is that HPUX doesn't support
> fdopendir(), which would hide the problem (the destructor
> would then correctly close the underlying fd).
> 
> Can you test the following patch (I've also attached it to
> the bug report)? It shouldn't change anything on systems
> that support fdopendir(), but should fix the leak for HPUX.

Ping Ralph,

Can you take a look at this so I can push?

Arjit has confirmed it fixes his issue on HPUX.

(and I'm correct, it's because HPUX doesn't support
fdopendir() :-).

Cheers,

	Jeremy.

> From 1f09b75f6900a89b34da002a7aa6d3b2dae0308c Mon Sep 17 00:00:00 2001
> From: Jeremy Allison <jra at samba.org>
> Date: Wed, 14 Feb 2018 13:23:12 -0800
> Subject: [PATCH] s3: smbd: Fix possible directory fd leak if the underlying OS
>  doesn't support FDOPENDIR()
> 
> (HPUX I think has this problem).
> 
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13270
> 
> Signed-off-by: Jeremy Allison <jra at samba.org>
> ---
>  source3/smbd/smb2_query_directory.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/source3/smbd/smb2_query_directory.c b/source3/smbd/smb2_query_directory.c
> index 430fdca90de..888473853d4 100644
> --- a/source3/smbd/smb2_query_directory.c
> +++ b/source3/smbd/smb2_query_directory.c
> @@ -343,11 +343,14 @@ static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
>  	if (in_flags & SMB2_CONTINUE_FLAG_REOPEN) {
>  		int flags;
>  
> -		dptr_CloseDir(fsp);
> +		status = fd_close(fsp);
> +		if (tevent_req_nterror(req, status)) {
> +			return tevent_req_post(req, ev);
> +		}
>  
>  		/*
> -		 * dptr_CloseDir() will close and invalidate the fsp's file
> -		 * descriptor, we have to reopen it.
> +		 * fd_close() will close and invalidate the fsp's file
> +		 * descriptor. So we have to reopen it.
>  		 */
>  
>  		flags = O_RDONLY;
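Review bot: At the `status = fd_close(fsp);` line, the rewritten comment still only says that the descriptor is invalidated and has to be reopened; it does not record why fd_close() is used here instead of dptr_CloseDir(), which is the substance of the fix. Suggest adding one sentence to the comment saying that on systems without fdopendir() closing the directory pointer does not release the fsp's fd, so a later cleanup does not switch the call back. The new `if (tevent_req_nterror(req, status))` early return is also a behaviour change worth a line in the commit message: the removed `dptr_CloseDir(fsp);` call had no status check and always went on to the reopen, whereas a failed close now fails the REOPEN request.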
> -- 
> 2.14.1
> 
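The fd ownership difference described in the message above, as an added example that is not Samba code and not part of the original post: a directory stream built with fdopendir() owns the descriptor and closedir() releases it, while a stream opened by path leaves the original descriptor open. The helper names and the opendir()-by-path fallback are assumptions standing in for a platform without fdopendir().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd still refers to an open descriptor, 0 otherwise. */
static int fd_is_open(int fd)
{
	return fcntl(fd, F_GETFD) != -1;
}

/*
 * Open a directory fd, build a DIR* for it, then close only the DIR*.
 * have_fdopendir=1: the DIR* wraps the fd, so closedir() closes it too.
 * have_fdopendir=0: assumed fallback, the DIR* is opened by path and
 * is independent of the fd we already hold.
 * Returns 1 if the original fd is still open (leaked), 0 if it was
 * released, -1 on error.
 */
static int fd_leaks_after_closedir(const char *path, int have_fdopendir)
{
	int fd = open(path, O_RDONLY);
	DIR *d;
	int leaked;

	if (fd == -1) {
		return -1;
	}
	d = have_fdopendir ? fdopendir(fd) : opendir(path);
	if (d == NULL) {
		close(fd);
		return -1;
	}
	closedir(d);			/* only the directory stream is closed */
	leaked = fd_is_open(fd);
	if (leaked) {
		close(fd);		/* the explicit close the fallback needs */
	}
	return leaked;
}

int main(void)
{
	printf("with fdopendir:    leaked=%d\n", fd_leaks_after_closedir("/", 1));
	printf("without fdopendir: leaked=%d\n", fd_leaks_after_closedir("/", 0));
	return 0;
}
```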



