The Samba-Bugzilla – Attachment 16420 Details for
Bug 14627
Invalid memory read access in posix_sys_acl_blob_get_fd()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.14, 4.13 and 4.12
0001-s3-smbd-Fix-invalid-memory-access-in-posix_sys_acl_b.patch (text/plain), 1.20 KB, created by
Andreas Schneider
on 2021-02-02 07:10:43 UTC
(
hide
)
Description:
patch for 4.14, 4.13 and 4.12
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2021-02-02 07:10:43 UTC
Size:
1.20 KB
patch
obsolete
>From 2d40b9bdd708eb2a86ae8bb1bc60c4b92f718658 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Mon, 1 Feb 2021 12:03:17 +0100 >Subject: [PATCH] s3:smbd: Fix invalid memory access in > posix_sys_acl_blob_get_fd() > >We are handing down an out of scope buffer. > >Found by AddressSanitizer. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14627 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 0a93f5367bc55ee14f13da5bdb812333c9d9e9f3) >--- > source3/smbd/posix_acls.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c >index 041305d4aec..c1d5b7cd047 100644 >--- a/source3/smbd/posix_acls.c >+++ b/source3/smbd/posix_acls.c >@@ -4651,12 +4651,12 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle, > TALLOC_CTX *frame; > struct smb_acl_wrapper acl_wrapper = { 0 }; > int fd = fsp_get_pathref_fd(fsp); >+ char buf[PATH_MAX] = {0}; > struct smb_filename fname; > int ret; > > if (fsp->fsp_flags.have_proc_fds) { > const char *proc_fd_path = NULL; >- char buf[PATH_MAX]; > > proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf)); > if (proc_fd_path == NULL) { >-- >2.30.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 14627
: 16420