The Samba-Bugzilla – Attachment 18418 Details for
Bug 15700
crash when readlinkat fails
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.19 and above
bug-15700.patch (text/plain), 1.79 KB, created by
Volker Lendecke
on 2024-08-23 10:02:20 UTC
(
hide
)
Description:
Patch for 4.19 and above
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2024-08-23 10:02:20 UTC
Size:
1.79 KB
patch
obsolete
>From 4e1e6d17e6074e6f350946f601c5b64667eeaa20 Mon Sep 17 00:00:00 2001 >From: Shachar Sharon <ssharon@redhat.com> >Date: Thu, 22 Aug 2024 14:44:28 +0300 >Subject: [PATCH] s3:smbd: fix NULL dereference in case of readlink failure > >When VFS readlinkat hook returns with error the following sequence >yields NULL-pointer dereference (SIGSEGV): > > symlink_target_below_conn (source3/smbd/open.c) > char *target = NULL; > ... > readlink_talloc (source3/smbd/files.c) > SMB_VFS_READLINKAT > smb_vfs_call_readlinkat (source3/smbd/vfs.c) > handle->fns->readlinkat_fn --> returns error > > status = safe_symlink_target_path(.., target /* NULL */ ..) > safe_symlink_target_path (source3/smbd/filename.c) > if (target[0] == '/') { /* NULL pointer dereference */ > >A failure in VFS module's readlinkat hook may happen due to run-time >error (e.g., network failure which cases libcephfs to disconnect from >MDS). > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700 >Signed-off-by: Shachar Sharon <ssharon@redhat.com> >Reviewed-by: John Mulligan <jmulligan@redhat.com> >Reviewed-by: Volker Lendecke <vl@samba.org> > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224 > >(cherry picked from commit 168966a053045476a84044aa73f66722eb702fe0) >--- > source3/smbd/open.c | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 36c890dc9d55..6c410c3e70ba 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -591,6 +591,10 @@ static NTSTATUS symlink_target_below_conn( > talloc_tos(), dirfsp, symlink_name, &target); > } > >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ > status = safe_symlink_target_path(talloc_tos(), > connection_path, > dirfsp->fsp_name->base_name, >-- >2.39.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 15700
: 18418