Bug 13100 - Double free in vfs_gluster
Double free in vfs_gluster
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
4.7.0
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-25 17:43 UTC by Andreas Schneider
Modified: 2017-11-03 10:10 UTC (History)
2 users (show)

See Also:


Attachments
patch for 4.7 (1.02 KB, patch)
2017-10-26 12:15 UTC, Andreas Schneider
jra: review+
Details
patch for 4.6 (1000 bytes, patch)
2017-10-26 12:16 UTC, Andreas Schneider
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2017-10-25 17:43:27 UTC
There is a double free in vfs_gluster_getwd().
Comment 1 Andreas Schneider 2017-10-26 12:15:43 UTC
Created attachment 13726 [details]
patch for 4.7
Comment 2 Andreas Schneider 2017-10-26 12:16:41 UTC
Created attachment 13727 [details]
patch for 4.6
Comment 3 Jeremy Allison 2017-10-26 17:45:15 UTC
Re-assigning to Karolin for inclusion in 4.7.next, 4.6.next.
Comment 4 Karolin Seeger 2017-11-01 09:47:22 UTC
(In reply to Jeremy Allison from comment #3)
Pushed to autobuild-v4-7-test.

Will there be a new version of the patch for 4.6?
Comment 5 Jeremy Allison 2017-11-01 17:43:30 UTC
Comment on attachment 13727 [details]
patch for 4.6

>From 413a4c7985c37f89fa8123c05135858cb3448462 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 25 Oct 2017 19:39:34 +0200
>Subject: [PATCH] s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd()
>
>Found by cppcheck.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13100
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>
>(cherry picked from commit 16389bed0773952ca563b7bf1fecc2a737587257)
>---
> source3/modules/vfs_glusterfs.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
>index 1c9be2d97f1..85d148335f0 100644
>--- a/source3/modules/vfs_glusterfs.c
>+++ b/source3/modules/vfs_glusterfs.c
>@@ -1083,8 +1083,9 @@ static char *vfs_gluster_getwd(struct vfs_handle_struct *handle)
> 	}
> 
> 	ret = glfs_getcwd(handle->data, cwd, PATH_MAX - 1);
>-	if (ret == 0) {
>+	if (ret == NULL) {
> 		free(cwd);
>+		return NULL;
> 	}
> 	return ret;
> }
>-- 
>2.14.2
>
Comment 6 Jeremy Allison 2017-11-01 17:44:09 UTC
Patch for 4.6.next is good, sorry Karolin. I must have clicked on "obsolete" by mistake when I +1 reviewed it.

Jeremy.
Comment 7 Karolin Seeger 2017-11-02 07:51:35 UTC
(In reply to Jeremy Allison from comment #6)
Thanks! :-)
Pushed to autobuild-v4-6-test.
Comment 8 Karolin Seeger 2017-11-03 10:10:11 UTC
Pushed to v4-6-test(In reply to Karolin Seeger from comment #7)
Pushed to both branches.
Closing out bug report.

Thanks!