Bug 14732 - Fix subtle pathref unlinking bug in create_file_unixpath()
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.14.5
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
: 14733
Depends on:
Blocks:
 
Reported: 2021-06-08 17:13 UTC by Jeremy Allison
Modified: 2021-06-14 07:31 UTC

See Also:


Attachments
git-am fix for 4.14.next. (3.09 KB, patch)
2021-06-09 00:20 UTC, Jeremy Allison
slow: review+

Description Jeremy Allison 2021-06-08 17:13:29 UTC
This is really subtle. If someone passes in an smb_fname where smb_fname
actually is taken from fsp->fsp_name, then the lifetime of these objects is
meant to be the same.

This is commonly the case from an SMB1 path-based
call (e.g. call_trans2qfilepathinfo) where we use the pathref fsp
(smb_fname->fsp) as the handle. In this case we must not
unlink smb_fname->fsp from its owner.

The asserts below:

SMB_ASSERT(fsp->fsp_name->fsp != NULL);
SMB_ASSERT(fsp->fsp_name->fsp == fsp);

ensure the required invariants are met.

Have fix, need bugnumber.
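
The ownership rule described above, as an added simplified C model (not part of the bug report and not Samba's code). The toy_fsp and toy_fname types and the take_*/invariant_after helpers are hypothetical stand-ins, and the unconditional-unlink variant is an assumption about the behaviour the report warns against.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-ins for the two linked objects; not Samba's real structs. */
struct toy_fsp;
struct toy_fname { const char *path; struct toy_fsp *fsp; };
struct toy_fsp   { struct toy_fname *fsp_name; };

/* The invariant expressed by the two asserts quoted in the report. */
static bool invariant_holds(const struct toy_fsp *fsp)
{
	return fsp->fsp_name->fsp != NULL && fsp->fsp_name->fsp == fsp;
}

/* Hazard (assumed): always detach the pathref fsp from the name passed in. */
static struct toy_fsp *take_always_unlink(struct toy_fname *smb_fname)
{
	struct toy_fsp *fsp = smb_fname->fsp;
	smb_fname->fsp = NULL;
	return fsp;
}

/* Alias-aware: detach only when smb_fname is not the fsp's own fsp_name. */
static struct toy_fsp *take_alias_aware(struct toy_fname *smb_fname)
{
	struct toy_fsp *fsp = smb_fname->fsp;
	if (smb_fname != fsp->fsp_name) {
		smb_fname->fsp = NULL; /* caller's separate name: safe to detach */
	}
	return fsp;
}

/* Run one variant on constructed objects; aliased => smb_fname IS fsp->fsp_name. */
static bool invariant_after(struct toy_fsp *(*take)(struct toy_fname *), bool aliased)
{
	struct toy_fsp fsp;
	struct toy_fname owned = { "dir/file", &fsp }; /* owned by the fsp */
	struct toy_fname copy  = { "dir/file", &fsp }; /* caller's own name */
	fsp.fsp_name = &owned;
	return invariant_holds(take(aliased ? &owned : &copy));
}

int main(void)
{
	printf("always-unlink, aliased: %d\n", invariant_after(take_always_unlink, true));
	printf("alias-aware,   aliased: %d\n", invariant_after(take_alias_aware, true));
	return 0;
}
```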
Comment 1 Jeremy Allison 2021-06-08 18:49:42 UTC
Passes ci here:

https://gitlab.com/samba-team/devel/samba/-/pipelines/317125524
Comment 2 Samba QA Contact 2021-06-08 20:45:03 UTC
This bug was referenced in samba master:

8a427783e5e780d3ffbe4f9710ac4a17c483ca33
Comment 3 Jeremy Allison 2021-06-09 00:20:00 UTC
Created attachment 16644
git-am fix for 4.14.next.

Cherry-picked from master.
Comment 4 Ralph Böhme 2021-06-09 04:56:04 UTC
Reassigning to Karolin for inclusion in 4.14.
Comment 5 Douglas Bagnall 2021-06-09 23:47:16 UTC
*** Bug 14733 has been marked as a duplicate of this bug. ***
Comment 6 Karolin Seeger 2021-06-10 09:22:13 UTC
Pushed to autobuild-v4-14-test.
Comment 7 Samba QA Contact 2021-06-10 10:32:03 UTC
This bug was referenced in samba v4-14-test:

42fa9f800fd008881c70cf37e63954f5987d0c78
Comment 8 Karolin Seeger 2021-06-14 07:31:13 UTC
Pushed, closing out bug report.

Thanks!