From a899a3fad9b99cb4587e69d40ba977153abfc692 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 3 Oct 2017 10:37:55 -0700
Subject: [PATCH 1/2] s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
Signed-off-by: Jeremy Allison
---
 source3/lib/system.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source3/lib/system.c b/source3/lib/system.c
index 70ddf6a4dea..5baa8f7d3ff 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -605,11 +605,16 @@ char *sys_getwd(void)
 }
 return wd;
 #else
+ char *wd = NULL;
 char *s = SMB_MALLOC_ARRAY(char, PATH_MAX);
 if (s == NULL) {
 return NULL;
 }
- return getwd(s);
+ wd = getwd(s);
+ if (wd == NULL) {
+ SAFE_FREE(s);
+ }
+ return wd;
 #endif
 }

--
2.14.2.822.g60be5d43e6-goog

From 5a06a74c72d28c0252807a1aa2139410efc8271a Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 3 Oct 2017 10:58:00 -0700
Subject: [PATCH 2/2] s3: VFS: Protect errno if sys_getwd() fails across free() call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
Signed-off-by: Jeremy Allison
---
 source3/lib/system.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/lib/system.c b/source3/lib/system.c
index 5baa8f7d3ff..507d4a9af93 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -594,7 +594,9 @@ char *sys_getwd(void)
 break;
 }
 if (errno != ERANGE) {
+ int saved_errno = errno;
 SAFE_FREE(s);
+ errno = saved_errno;
 break;
 }
 allocated *= 2;
@@ -612,7 +614,9 @@ char *sys_getwd(void)
 }
 wd = getwd(s);
 if (wd == NULL) {
+ int saved_errno = errno;
 SAFE_FREE(s);
+ errno = saved_errno;
 }
 return wd;
 #endif
--
2.14.2.822.g60be5d43e6-goog
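Review bot: The `#else` fallback in [PATCH 1/2] still passes getwd() a buffer of exactly PATH_MAX bytes, and getwd() takes no length argument, so the bound on what is written into `s` rests entirely on the platform's implementation. The added NULL check closes the leak but leaves that assumption unrecorded; a comment above the call such as `/* getwd() has no size parameter: relies on the platform never writing more than PATH_MAX bytes into s. */` would make it visible to whoever next touches this path. It would also help to state in the function's header comment that the returned pointer is heap-allocated and owned by the caller, since that contract is what makes the free on `wd == NULL` necessary. The start of sys_getwd() lies outside this hunk.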
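Review bot: The errno save/restore around `SAFE_FREE(s)` is added without a comment at both sites in [PATCH 2/2] (the `errno != ERANGE` branch and the getwd() fallback), so the reason for it lives only in the commit subject. A one-line comment at each site, e.g. `/* free() may modify errno; preserve the failure code for the caller. */`, would keep a later cleanup from removing the three lines as redundant; presumably callers inspect errno after a NULL return, but that is not visible here. Because the same sequence now appears twice, a small static helper that frees while preserving errno would be an alternative, though that is a style choice. Both hunks start and end inside sys_getwd().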