Attachment 11926 Details for Bug 11799 – Test git-am patch.

[patch] Test git-am patch.

0001-s3-smbd-Fix-use-after-free-when-singleton-cache-is-l.patch (text/plain), 1.24 KB, created by Jeremy Allison on 2016-03-16 23:54:17 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2016-03-16 23:54:17 UTC

Size: 1.24 KB

patch

obsolete

>From 2642639d5e5a0c64722b9e6eb883daa6e46f433a Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Wed, 16 Mar 2016 16:52:56 -0700
>Subject: [PATCH] s3: smbd: Fix use-after free when singleton cache is left
> invalid.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11799
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>---
> source3/smbd/files.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
>diff --git a/source3/smbd/files.c b/source3/smbd/files.c
>index 8fefddd..1a7b48e 100644
>--- a/source3/smbd/files.c
>+++ b/source3/smbd/files.c
>@@ -500,6 +500,11 @@ void fsp_free(files_struct *fsp)
> 
> 	fsp->conn->num_files_open--;
> 
>+	/* Closing a file can invalidate the positive cache. */
>+	if (fsp == sconn->fsp_fi_cache.fsp) {
>+		ZERO_STRUCT(sconn->fsp_fi_cache);
>+	}
>+
> 	/* this is paranoia, just in case someone tries to reuse the
> 	   information */
> 	ZERO_STRUCTP(fsp);
>@@ -540,11 +545,6 @@ void file_free(struct smb_request *req, files_struct *fsp)
> 		remove_smb2_chained_fsp(fsp);
> 	}
> 
>-	/* Closing a file can invalidate the positive cache. */
>-	if (fsp == sconn->fsp_fi_cache.fsp) {
>-		ZERO_STRUCT(sconn->fsp_fi_cache);
>-	}
>-
> 	/* Drop all remaining extensions. */
> 	vfs_remove_all_fsp_extensions(fsp);
> 
>-- 
>2.7.0.rc3.207.g0ac5344
>

Flags:

jra: review? (obnox)

Actions: View

Attachments on bug 11799: 11926