The Samba-Bugzilla – Attachment 17735 Details for Bug 15283: vfs_virusfilter segfault on access, directory edgecase (accessing NULL value)
[patch] Patch for 4.17: bug-15283-4.17.txt (text/plain), 5.55 KB, created by Volker Lendecke on 2023-01-13 08:48:47 UTC
>From 9dd0d8da766fad8d61badce6803daccb16b81be1 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 12 Jan 2023 10:22:09 -0800 >Subject: [PATCH 1/2] selftest: Show vfs_virusscanner crashes when traversing a > 2-level directory tree. > >Modify check_infected_read() test to use a 2-level deep >directory. > >We must have vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no >set on the virusscanner share as otherwise the openat flag >shortcut defeats the test. > >Add knownfail. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> >(cherry picked from commit c844bff3eca336547c6cedfeeb03adda4eed57c6) >--- > selftest/knownfail.d/virusscanner | 1 + > selftest/target/Samba3.pm | 1 + > source3/script/tests/test_virus_scanner.sh | 25 ++++++++++++++++------ > 3 files changed, 20 insertions(+), 7 deletions(-) > create mode 100644 selftest/knownfail.d/virusscanner > >diff --git a/selftest/knownfail.d/virusscanner b/selftest/knownfail.d/virusscanner >new file mode 100644 >index 00000000000..9bcaae7b4d1 >--- /dev/null >+++ b/selftest/knownfail.d/virusscanner >@@ -0,0 +1 @@ >+^samba3.blackbox.virus_scanner.check_infected_read\(fileserver:local\) >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index 64374ab9bcd..e341adaa5c4 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -1940,6 +1940,7 @@ sub setup_fileserver > virusfilter:infected files = *infected* > virusfilter:infected file action = rename > virusfilter:scan on close = yes >+ vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no > > [volumeserialnumber] > path = $volume_serial_number_sharedir >diff --git a/source3/script/tests/test_virus_scanner.sh b/source3/script/tests/test_virus_scanner.sh >index 913c353028b..83b50df915f 100755 >--- a/source3/script/tests/test_virus_scanner.sh >+++ b/source3/script/tests/test_virus_scanner.sh 
>@@ -26,25 +26,36 @@ check_infected_read() > { > rm -rf "${sharedir:?}"/* > >- if ! touch "${sharedir}/infected.txt"; then >- echo "ERROR: Cannot create ${sharedir}/infected.txt" >+ if ! mkdir "${sharedir}/read1"; then >+ echo "ERROR: Cannot create ${sharedir}/read1" >+ return 1 >+ fi >+ >+ if ! mkdir "${sharedir}/read1/read2"; then >+ echo "ERROR: Cannot create ${sharedir}/read1/read2" > return 1 > fi > >- ${SMBCLIENT} "//${SERVER_IP}/${SHARE}" -U"${USER}"%"${PASSWORD}" -c "get infected.txt ${sharedir}/infected.download.txt" >+ if ! touch "${sharedir}/read1/read2/infected.txt"; then >+ echo "ERROR: Cannot create ${sharedir}/read1/read2/infected.txt" >+ return 1 >+ fi >+ >+ ${SMBCLIENT} "//${SERVER_IP}/${SHARE}" -U"${USER}"%"${PASSWORD}" -c "get read1/read2/infected.txt ${sharedir}/read1/read2/infected.download.txt" > > # check that virusfilter:rename prefix/suffix was added >- if [ ! -f "${sharedir}/virusfilter.infected.txt.infected" ]; then >- echo "ERROR: ${sharedir}/virusfilter.infected.txt.infected is missing." >+ if [ ! -f "${sharedir}/read1/read2/virusfilter.infected.txt.infected" ]; then >+ echo "ERROR: ${sharedir}/read1/read2/virusfilter.infected.txt.infected is missing." > return 1 > fi > > # check that file was not downloaded >- if [ -f "${sharedir}/infected.download.txt" ]; then >- echo "ERROR: {sharedir}/infected.download.txt should not exist." >+ if [ -f "${sharedir}/read1/read2/infected.download.txt" ]; then >+ echo "ERROR: {sharedir}/read1/read2/infected.download.txt should not exist." > return 1 > fi > >+ rm -rf "${sharedir:?}"/* > return 0 > } > >-- >2.30.2 > > >From 6abf55bccc161c2c55b47375c2176e3fce0b029a Mon Sep 17 00:00:00 2001 
>From: Jeremy Allison <jra@samba.org> >Date: Thu, 12 Jan 2023 11:20:08 -0800 >Subject: [PATCH 2/2] s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL > out fsp->fsp_name after calling fd_close() on intermediate directories, > rather than before. > >vfs_virusfilter expects a non-NULL fsp->fsp_name to use for printing debugs >(it always indirects fsp->fsp_name). vfs_fruit also does the same, so would >also crash in fruit_close() with 'debug level = 10' and vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no >set (we don't test with that which is why we haven't noticed >this before). > >Remove knownfail. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Fri Jan 13 08:33:47 UTC 2023 on sn-devel-184 > >(cherry picked from commit 3d3d01cda8d3a6d0d18d1b808aa9414e71d56062) >--- > selftest/knownfail.d/virusscanner | 1 - > source3/smbd/files.c | 4 ++-- > 2 files changed, 2 insertions(+), 3 deletions(-) > delete mode 100644 selftest/knownfail.d/virusscanner > >diff --git a/selftest/knownfail.d/virusscanner b/selftest/knownfail.d/virusscanner >deleted file mode 100644 >index 9bcaae7b4d1..00000000000 >--- a/selftest/knownfail.d/virusscanner >+++ /dev/null >@@ -1 +0,0 @@ >-^samba3.blackbox.virus_scanner.check_infected_read\(fileserver:local\) >diff --git a/source3/smbd/files.c b/source3/smbd/files.c >index 9b0c902c0d4..3d62e97fc8a 100644 >--- a/source3/smbd/files.c >+++ b/source3/smbd/files.c >@@ -1053,9 +1053,9 @@ next: > } > > if (dirfsp != conn->cwd_fsp) { >- dirfsp->fsp_name = NULL; > SMB_ASSERT(fsp_get_pathref_fd(dirfsp) != -1); > fd_close(dirfsp); >+ dirfsp->fsp_name = NULL; > file_free(NULL, dirfsp); > dirfsp = NULL; > } 
>@@ -1117,9 +1117,9 @@ fail: > } > > if ((dirfsp != NULL) && (dirfsp != conn->cwd_fsp)) { >- dirfsp->fsp_name = NULL; > SMB_ASSERT(fsp_get_pathref_fd(dirfsp) != -1); > fd_close(dirfsp); >+ dirfsp->fsp_name = NULL; > file_free(NULL, dirfsp); > dirfsp = NULL; > } >-- >2.30.2 >
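Review bot: In the selftest/target/Samba3.pm hunk of patch 1/2, the added `vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no` line carries no explanation in the share definition itself; the reason (the openat flag shortcut otherwise defeats the 2-level directory test) appears only in the commit message. A one-line comment above the setting would keep it from being dropped later as stray configuration, which would silently stop the test from exercising the crashing path.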
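Review bot: In the source3/script/tests/test_virus_scanner.sh hunk of patch 1/2, the rewritten "should not exist" message still prints `{sharedir}/read1/read2/infected.download.txt` without the leading `$`, so a failure logs the literal text {sharedir} instead of the path; since the line is being touched anyway, change it to `${sharedir}`. Separately, the new trailing `rm -rf "${sharedir:?}"/*` is reached only on the success path: each of the `return 1` branches leaves read1/read2 in the share for whatever runs next. Cleaning up before the early returns, or in one place that all exits pass through, would make the test leave the same state on failure as on success.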
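Review bot: In the `next:` hunk of source3/smbd/files.c (patch 2/2), the ordering of `fd_close(dirfsp);` before `dirfsp->fsp_name = NULL;` is now load-bearing but nothing in the code says so. The commit message explains that vfs_virusfilter and vfs_fruit dereference fsp->fsp_name in their close path, yet a reader of files.c sees only two adjacent statements that look freely reorderable. Add a short comment above `fd_close(dirfsp)` stating that VFS modules may use fsp->fsp_name during close, so it must stay valid until the close returns, so a later cleanup does not reintroduce the NULL dereference.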
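Review bot: In the `fail:` hunk of source3/smbd/files.c (patch 2/2), the corrected sequence `fd_close(dirfsp);` / `dirfsp->fsp_name = NULL;` / `file_free(NULL, dirfsp);` is a second copy of the one in the `next:` hunk, and the same ordering fix had to be applied to both. Consider moving the assert, close, clear and free steps into one small static helper called from both places, so the required order lives in a single spot and the two paths cannot drift apart again. The only difference between the two call sites visible here is the extra `dirfsp != NULL` check in the `fail:` condition, which can stay with the caller.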
Flags: jra: review+