Patch: Don't copy back the stat struct from stat_cache_lookup if we did not get a hit on the full path

Mon Sep 17 20:43:47 UTC 2018

Hi folks,

If the stat cache does not contain the full path we are looking up we
copy back the stat struct for a completely unrelated object (one of
the parent directories).

It's not a problem unless we are carrying other things around in the
stat_ex struct.

Here is a small patch to stop that behavior.

If it looks OK, I will send it along with a signed-off-by.

diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index 27f9dec..9229907 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -261,10 +261,7 @@ bool stat_cache_lookup(connection_struct *conn,
                 * Count the number of times we have done this, we'll
                 * need it when reconstructing the string.
                 */
-
-               if (sizechanged) {
-                       num_components++;
-               }
+               num_components++;

                if ((*chk_name == '\0')
                    || ISDOT(chk_name) || ISDOTDOT(chk_name)) {
@@ -301,7 +298,11 @@ bool stat_cache_lookup(connection_struct *conn,
                TALLOC_FREE(translated_path);
                return False;
        }
-       *pst = smb_fname.st;
+       /*
+        * Only copy the stat struct back if we actually hit the full path
+        */
+       if (num_components == 0)
+               *pst = smb_fname.st;

        if (!sizechanged) {
                memcpy(*pp_name, translated_path,


-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)

