From 6733f430c3ac614b1d3734739b30bdd5c0fbae5d Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Mon, 2 Oct 2017 17:36:51 -0700
Subject: [PATCH 1/3] s3: VFS: Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13068
Signed-off-by: Jeremy Allison
---
 source3/modules/vfs_default.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 0a56e457ab9..53d97859ec3 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -2226,6 +2226,10 @@ static struct smb_filename *vfswrap_getwd(vfs_handle_struct *handle,
 START_PROFILE(syscall_getwd);
 result = sys_getwd();
 END_PROFILE(syscall_getwd);
+
+ if (result == NULL) {
+ return NULL;
+ }
 smb_fname = synthetic_smb_fname(ctx,
 result,
 NULL,
--
2.14.2.822.g60be5d43e6-goog
From a899a3fad9b99cb4587e69d40ba977153abfc692 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 3 Oct 2017 10:37:55 -0700
Subject: [PATCH 2/3] s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
Signed-off-by: Jeremy Allison
---
 source3/lib/system.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 70ddf6a4dea..5baa8f7d3ff 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -605,11 +605,16 @@ char *sys_getwd(void)
 }
 return wd;
 #else
+ char *wd = NULL;
 char *s = SMB_MALLOC_ARRAY(char, PATH_MAX);
 if (s == NULL) {
 return NULL;
 }
- return getwd(s);
+ wd = getwd(s);
+ if (wd == NULL) {
+ SAFE_FREE(s);
+ }
+ return wd;
 #endif
 }
--
2.14.2.822.g60be5d43e6-goog
From 5a06a74c72d28c0252807a1aa2139410efc8271a Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 3 Oct 2017 10:58:00 -0700
Subject: [PATCH 3/3] s3: VFS: Protect errno if sys_getwd() fails across free() call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
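Review bot: The early `return NULL` added to vfswrap_getwd() has no comment saying why a failed sys_getwd() must stop here, and it relies on errno surviving END_PROFILE, which runs between the call and the check. I would add `/* sys_getwd() failed: return NULL with its errno rather than hand back a partially completed smb_filename. */` above the `if`. Whether END_PROFILE can alter errno is not visible in this hunk, so that is worth confirming, since callers presumably inspect errno when they get NULL. The function starts and ends outside the hunk, so the later handling of `result` cannot be checked from here.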
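Review bot: `wd = getwd(s);` in the `#else` branch of sys_getwd() still calls an interface that takes no buffer length, so the only bound on the write is the PATH_MAX allocation a few lines above, and nothing in the code records that dependency. I would add `/* getwd() takes no length argument: s must be at least PATH_MAX bytes. */` next to the call so a later change to the allocation size cannot silently turn this into an out-of-bounds write. The preprocessor condition that selects this branch is outside the hunk, so which platforms still reach it cannot be judged from here.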
Signed-off-by: Jeremy Allison
---
 source3/lib/system.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 5baa8f7d3ff..507d4a9af93 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -594,7 +594,9 @@ char *sys_getwd(void)
 break;
 }
 if (errno != ERANGE) {
+ int saved_errno = errno;
 SAFE_FREE(s);
+ errno = saved_errno;
 break;
 }
 allocated *= 2;
@@ -612,7 +614,9 @@ char *sys_getwd(void)
 }
 wd = getwd(s);
 if (wd == NULL) {
+ int saved_errno = errno;
 SAFE_FREE(s);
+ errno = saved_errno;
 }
 return wd;
 #endif
--
2.14.2.822.g60be5d43e6-goog
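Review bot: The errno save/restore around `SAFE_FREE(s)` in the `errno != ERANGE` branch is added without a comment, and the same three lines are repeated in the second hunk (the `wd == NULL` branch after getwd()). A maintainer who does not know that free() may modify errno could tidy the lines away, and callers would then see the wrong failure code. I would add `/* free() may clobber errno; keep the failure code for the caller. */` at both sites. The ERANGE path continues past `allocated *= 2;` outside the hunk, so whether its own failure exits preserve errno in the same way cannot be seen here.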