The Samba-Bugzilla – Attachment 18114 Details for
Bug 15481
GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value.
[patch]
git-am fix for 4.19.next, 4.18.next.
bug-15481-4.19.patch (text/plain), 4.57 KB, created by
Jeremy Allison
on 2023-09-21 00:45:56 UTC
Description:
git-am fix for 4.19.next, 4.18.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2023-09-21 00:45:56 UTC
Size:
4.57 KB
>From 8499ecab7ff52d456ecbe77b49d26eeb14cee626 Mon Sep 17 00:00:00 2001
>From: Volker Lendecke <vl@samba.org>
>Date: Wed, 20 Sep 2023 10:53:52 -0700
>Subject: [PATCH 1/2] tests: Add reproducer for BZ15481
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481
>
>Signed-off-by: Volker Lendecke <vl@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 56df75d44795582dcecb8676a0d80d6f4a46c7e9)
>---
> python/samba/tests/libsmb-basic.py | 27 +++++++++++++++++++++++++++
> selftest/knownfail.d/bug-15481 | 1 +
> 2 files changed, 28 insertions(+)
> create mode 100644 selftest/knownfail.d/bug-15481
>
>diff --git a/python/samba/tests/libsmb-basic.py b/python/samba/tests/libsmb-basic.py
>index cbe7cce5bae..163c5b09ea9 100644
>--- a/python/samba/tests/libsmb-basic.py
>+++ b/python/samba/tests/libsmb-basic.py
>@@ -215,6 +215,33 @@ class LibsmbTestCase(samba.tests.libsmb.LibsmbTests):
> c1.unlink("x")
> c1 = None
>
>+ def test_gencache_pollution_bz15481(self):
>+ c = libsmb.Conn(self.server_ip, "tmp", self.lp, self.creds)
>+ fh = c.create("file",
>+ DesiredAccess=security.SEC_STD_DELETE,
>+ CreateDisposition=libsmb.FILE_CREATE)
>+
>+ # prime the gencache File->file
>+ fh_upper = c.create("File",
>+ DesiredAccess=security.SEC_FILE_READ_ATTRIBUTE,
>+ CreateDisposition=libsmb.FILE_OPEN)
>+ c.close(fh_upper)
>+
>+ c.delete_on_close(fh, 1)
>+ c.close(fh)
>+
>+ fh = c.create("File",
>+ DesiredAccess=security.SEC_STD_DELETE,
>+ CreateDisposition=libsmb.FILE_CREATE)
>+
>+ directory = c.list("\\", "File")
>+
>+ c.delete_on_close(fh, 1)
>+ c.close(fh)
>+
>+ # Without the bugfix for 15481 we get 'file' not 'File'
>+ self.assertEqual(directory[0]['name'], 'File')
>+
> if __name__ == "__main__":
> import unittest
> unittest.main()
>diff --git a/selftest/knownfail.d/bug-15481 b/selftest/knownfail.d/bug-15481
>new file mode 100644
>index 00000000000..e4ca91c8d67
>--- /dev/null
>+++ b/selftest/knownfail.d/bug-15481
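Review bot: In `test_gencache_pollution_bz15481`, the lowercase `file` is only marked delete-on-close after the priming open of `File` has succeeded, so a failure in that second `c.create()` leaves `file` behind in the `tmp` share. A leftover `file` would make the next run fail at `CreateDisposition=libsmb.FILE_CREATE` for a reason unrelated to the cache. Setting delete-on-close earlier is presumably not an option, since the priming open has to succeed, so wrapping the body in `try:`/`finally:` or registering the removal with `self.addCleanup` would keep the test re-runnable. A `self.assertTrue(directory)` before indexing `directory[0]` would also report an empty listing as an assertion failure rather than an IndexError.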
>@@ -0,0 +1 @@
>+^samba.tests.libsmb-basic.samba.tests.libsmb-basic.LibsmbTestCase.test_gencache_pollution_bz15481
>--
>2.39.3
>
>
>From 31ba45b4f8dcf5d6b1da73782725b8ae9b917387 Mon Sep 17 00:00:00 2001
>From: Volker Lendecke <vl@samba.org>
>Date: Tue, 19 Sep 2023 17:44:56 -0700
>Subject: [PATCH 2/2] smbd: Fix BZ15481
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481
>
>Signed-off-by: Volker Lendecke <vl@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>
>Autobuild-User(master): Jeremy Allison <jra@samba.org>
>Autobuild-Date(master): Wed Sep 20 22:42:48 UTC 2023 on atb-devel-224
>
>(cherry picked from commit 3481bbfede5127e3664bcf464a0ae3dec9247ab7)
>---
> selftest/knownfail.d/bug-15481 | 1 -
> source3/smbd/filename.c | 12 +++++++++++-
> 2 files changed, 11 insertions(+), 2 deletions(-)
> delete mode 100644 selftest/knownfail.d/bug-15481
>
>diff --git a/selftest/knownfail.d/bug-15481 b/selftest/knownfail.d/bug-15481
>deleted file mode 100644
>index e4ca91c8d67..00000000000
>--- a/selftest/knownfail.d/bug-15481
>+++ /dev/null
>@@ -1 +0,0 @@
>-^samba.tests.libsmb-basic.samba.tests.libsmb-basic.LibsmbTestCase.test_gencache_pollution_bz15481
>diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
>index 9bd3ee77547..b00f85171ca 100644
>--- a/source3/smbd/filename.c
>+++ b/source3/smbd/filename.c
>@@ -784,6 +784,7 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
>
> if (lp_stat_cache()) {
> char *base_name = smb_fname_rel->base_name;
>+ char *original_relname = NULL;
> DATA_BLOB value = { .data = NULL };
>
> ok = get_real_filename_cache_key(
>@@ -805,7 +806,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
> }
> DO_PROFILE_INC(statcache_hits);
>
>- TALLOC_FREE(smb_fname_rel->base_name);
>+ /*
>+ * For the "new filename" case we need to preserve the
>+ * capitalization the client sent us, see
>+ * https://bugzilla.samba.org/show_bug.cgi?id=15481
>+ */
>+ original_relname = smb_fname_rel->base_name;
>+
> smb_fname_rel->base_name = talloc_memdup(
> smb_fname_rel, value.data, value.length);
> if (smb_fname_rel->base_name == NULL) {
>@@ -823,10 +830,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive(
> status = openat_pathref_fsp(dirfsp, smb_fname_rel);
> if (NT_STATUS_IS_OK(status)) {
> TALLOC_FREE(cache_key.data);
>+ TALLOC_FREE(original_relname);
> return NT_STATUS_OK;
> }
>
> memcache_delete(NULL, GETREALFILENAME_CACHE, cache_key);
>+ TALLOC_FREE(smb_fname_rel->base_name);
>+ smb_fname_rel->base_name = original_relname;
> }
>
> lookup:
>--
>2.39.3
>
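Review bot: In the `-805,7 +806,13` hunk, the `if (smb_fname_rel->base_name == NULL)` branch after `talloc_memdup()` is entered with `base_name` NULL while the client-sent name is held only in `original_relname`. The body of that branch lies outside the hunk, so this is inferred: if it returns an error directly, the caller gets back an `smb_fname_rel` whose `base_name` is NULL. The old code had the same outcome after its `TALLOC_FREE`, but the saved pointer now makes it cheap to avoid by adding `smb_fname_rel->base_name = original_relname;` before that return. That would mirror the restore the `-823,10 +830,13` hunk performs after a failed `openat_pathref_fsp()`, and keep the structure valid on every exit from the cache-hit path.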
Flags:
vl
:
review+