Bug 13100 - Double free in vfs_gluster
Summary: Double free in vfs_gluster
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
Version: 4.7.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
 
Reported: 2017-10-25 17:43 UTC by Andreas Schneider
Modified: 2017-11-03 10:10 UTC

Attachments
patch for 4.7 (1.02 KB, patch)
2017-10-26 12:15 UTC, Andreas Schneider
jra: review+
patch for 4.6 (1000 bytes, patch)
2017-10-26 12:16 UTC, Andreas Schneider
jra: review+

Description Andreas Schneider 2017-10-25 17:43:27 UTC
There is a double free in vfs_gluster_getwd().
Comment 1 Andreas Schneider 2017-10-26 12:15:43 UTC
Created attachment 13726
patch for 4.7
Comment 2 Andreas Schneider 2017-10-26 12:16:41 UTC
Created attachment 13727
patch for 4.6
Comment 3 Jeremy Allison 2017-10-26 17:45:15 UTC
Re-assigning to Karolin for inclusion in 4.7.next, 4.6.next.
Comment 4 Karolin Seeger 2017-11-01 09:47:22 UTC
(In reply to Jeremy Allison from comment #3)
Pushed to autobuild-v4-7-test.

Will there be a new version of the patch for 4.6?
Comment 5 Jeremy Allison 2017-11-01 17:43:30 UTC
Comment on attachment 13727
patch for 4.6

>From 413a4c7985c37f89fa8123c05135858cb3448462 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 25 Oct 2017 19:39:34 +0200
>Subject: [PATCH] s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd()
>
>Found by cppcheck.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13100
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>
>(cherry picked from commit 16389bed0773952ca563b7bf1fecc2a737587257)
>---
> source3/modules/vfs_glusterfs.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
>index 1c9be2d97f1..85d148335f0 100644
>--- a/source3/modules/vfs_glusterfs.c
>+++ b/source3/modules/vfs_glusterfs.c
>@@ -1083,8 +1083,9 @@ static char *vfs_gluster_getwd(struct vfs_handle_struct *handle)
> 	}
> 
> 	ret = glfs_getcwd(handle->data, cwd, PATH_MAX - 1);
>-	if (ret == 0) {
>+	if (ret == NULL) {
> 		free(cwd);
>+		return NULL;
> 	}
> 	return ret;
> }
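Review bot: In the `ret == NULL` branch the added `return NULL;` returns the same value that the following `return ret;` would already return, so in the lines shown here `cwd` is freed exactly once on the failure path both before and after the change. The commit message only says "Found by cppcheck"; it should state what cppcheck reported and where the second free was expected to happen, so the fix can be checked against it. On the success path `cwd` is not freed in this function, so a one-line comment stating who owns the returned buffer would also help readers of `vfs_gluster_getwd()`.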
>-- 
>2.14.2
>
Comment 6 Jeremy Allison 2017-11-01 17:44:09 UTC
Patch for 4.6.next is good, sorry Karolin. I must have clicked on "obsolete" by mistake when I +1 reviewed it.

Jeremy.
Comment 7 Karolin Seeger 2017-11-02 07:51:35 UTC
(In reply to Jeremy Allison from comment #6)
Thanks! :-)
Pushed to autobuild-v4-6-test.
Comment 8 Karolin Seeger 2017-11-03 10:10:11 UTC
Pushed to v4-6-test
(In reply to Karolin Seeger from comment #7)
Pushed to both branches.
Closing out bug report.

Thanks!