From b6f19f1b39e32f048beaf4811b65e2d704dd019b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 3 Oct 2017 10:37:55 -0700 Subject: [PATCH 1/2] s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit fb9ce0685e5d46e3d7abf5fac07b4f626339a413) --- source3/lib/system.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source3/lib/system.c b/source3/lib/system.c index 99462b631c7..01c934277ac 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -605,11 +605,16 @@ char *sys_getwd(void) } return wd; #else + char *wd = NULL; char *s = SMB_MALLOC_ARRAY(char, PATH_MAX); if (s == NULL) { return NULL; } - return getwd(s); + wd = getwd(s); + if (wd == NULL) { + SAFE_FREE(s); + } + return wd; #endif } -- 2.14.2.920.gcf0c67979c-goog From 245dde8931e0c963952deb0b3e710c2eb2f14432 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 3 Oct 2017 10:58:00 -0700 Subject: [PATCH 2/2] s3: VFS: Protect errno if sys_getwd() fails across free() call. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 4800ed3595513ce1e2f4edee36c35daafc63a3d5) --- source3/lib/system.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/lib/system.c b/source3/lib/system.c index 01c934277ac..01473190147 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -594,7 +594,9 @@ char *sys_getwd(void) break; } if (errno != ERANGE) { + int saved_errno = errno; SAFE_FREE(s); + errno = saved_errno; break; } allocated *= 2; @@ -612,7 +614,9 @@ char *sys_getwd(void) } wd = getwd(s); if (wd == NULL) { + int saved_errno = errno; SAFE_FREE(s); + errno = saved_errno; } return wd; #endif -- 2.14.2.920.gcf0c67979c-goog