From 64310259325146849d1e5d2d10ed53910fd0a40d Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Mon, 23 Nov 2015 14:00:56 -0800
Subject: [PATCH] s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle.

There are three issues:
1). The memcmp checking that the open file path has the open directory path as its parent compares using the wrong length (it uses the full open file path which will never compare as the same).
2). The files_below_forall() function doesn't fill in the callback function or callback data when calling share_mode_forall(), leading to a crash (which we never saw, as the previous issue (1) meant the callback function would never be invoked).
3). When invoking the callback function from files_below_forall_fn() we were passing in the wrong private_data pointer (needs to be the one from the state, not the private_data passed into files_below_forall_fn()).
Found when running the torture test smb2.rename.rename_dir_openfile when fixing bug #11065.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11615
Signed-off-by: Jeremy Allison
Reviewed-by: Michael Adam
Reviewed-by: Ralph Boehme
Autobuild-User(master): Michael Adam
Autobuild-Date(master): Tue Nov 24 19:36:20 CET 2015 on sn-devel-104
(cherry picked from commit 158200611271bd80d80280c88578dfd5380f8fd0)
---
 source3/smbd/dir.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 5ec9cc3..55313db 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1905,14 +1905,14 @@ static int files_below_forall_fn(struct file_id fid,
 return 0;
 }
 
- if (memcmp(state->dirpath, fullpath, len) != 0) {
+ if (memcmp(state->dirpath, fullpath, state->dirpath_len) != 0) {
 /*
 * Not a parent
 */
 return 0;
 }
 
- return state->fn(fid, data, private_data);
+ return state->fn(fid, data, state->private_data);
 }
 
 static int files_below_forall(connection_struct *conn,
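Review bot: The rewritten `memcmp(state->dirpath, fullpath, state->dirpath_len)` reads dirpath_len bytes from fullpath, so it is only safe and meaningful if earlier checks guarantee that fullpath is longer than dirpath_len and that `fullpath[state->dirpath_len]` is a path separator; without the second condition a sibling such as `dir2/file` would be treated as lying below `dir`. The `return 0; }` at the top of the hunk is presumably the tail of such a guard, but files_below_forall_fn() starts outside the hunk, so this should be confirmed rather than assumed. I would document the dependency directly above the comparison, e.g. `/* len > dirpath_len and fullpath[dirpath_len] == '/' were checked above: bounded, component-aligned prefix match */`.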
@@ -1922,7 +1922,10 @@ static int files_below_forall(connection_struct *conn,
 void *private_data),
 void *private_data)
 {
- struct files_below_forall_state state = {};
+ struct files_below_forall_state state = {
+ .fn = fn,
+ .private_data = private_data,
+ };
 int ret;
 char tmpbuf[PATH_MAX];
 char *to_free;
@@ -1957,7 +1960,9 @@ static int have_file_open_below_fn(struct file_id fid,
 static bool have_file_open_below(connection_struct *conn,
 const struct smb_filename *name)
 {
- struct have_file_open_below_state state = {};
+ struct have_file_open_below_state state = {
+ .found_one = false,
+ };
 int ret;
 
 if (!VALID_STAT(name->st)) {
-- 
2.6.0.rc2.230.g3dd15c0
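Review bot: The new initializer in files_below_forall() sets `.fn` and `.private_data` but leaves `dirpath` and `dirpath_len` zeroed, while files_below_forall_fn() now uses `state->dirpath_len` as the memcmp length. A zero length makes memcmp return 0, so if those two fields were not filled in before share_mode_forall() runs, the prefix test would stop filtering anything. The assignment is presumably in the part of the body below this hunk, which is not visible here. A short comment on the initializer would make the ordering requirement explicit, e.g. `/* dirpath and dirpath_len are set below, before share_mode_forall() */`.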