Created attachment 17725 [details] GDB Backtrace vfs_virusfilter does not work at all in latest version, segfaults due to NULL access. (from Jeremy Allison) The error is occurring due to this code in openat_pathref_dirfsp_nosymlink(). 1055 if (dirfsp != conn->cwd_fsp) { 1056 dirfsp->fsp_name = NULL; 1057 SMB_ASSERT(fsp_get_pathref_fd(dirfsp) != -1); 1058 fd_close(dirfsp); 1059 file_free(NULL, dirfsp); 1060 dirfsp = NULL; 1061 } Note line 1056 which sets dirfsp->fsp_name = NULL. Then inside virusfilter_vfs_close() we have: 1412 static int virusfilter_vfs_close( 1413 struct vfs_handle_struct *handle, 1414 files_struct *fsp) 1415 { 1416 /* 1417 * The name of this variable is for consistency. If API changes to 1418 * match _open change to cwd_fname as in virusfilter_vfs_open. 1419 */ 1420 const char *cwd_fname = handle->conn->connectpath; 1421 1422 struct virusfilter_config *config = NULL; 1423 char *fname = fsp->fsp_name->base_name; 1424 int close_result = -1; 1425 int close_errno = 0; 1426 virusfilter_result scan_result; 1427 int scan_errno = 0; 1428 1429 SMB_VFS_HANDLE_GET_DATA(handle, config, 1430 struct virusfilter_config, return -1); Note line 1423: char *fname = fsp->fsp_name->base_name; As we've just set fsp_name == NULL in the caller, we crash here. Jeremy proposed the following patch to fix this: ------------------------------------------------- diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c index 124b4091c1b..8df7d98b9e0 100644 --- a/source3/modules/vfs_virusfilter.c +++ b/source3/modules/vfs_virusfilter.c @@ -1420,7 +1420,7 @@ static int virusfilter_vfs_close( const char *cwd_fname = handle->conn->connectpath; struct virusfilter_config *config = NULL; - char *fname = fsp->fsp_name->base_name; + char *fname = NULL; int close_result = -1; int close_errno = 0; virusfilter_result scan_result; @@ -1439,6 +1439,13 @@ static int virusfilter_vfs_close( close_errno = errno; } + if (fsp->fsp_flags.is_directory) { + DBG_INFO("Not scanned: Directory: %s/\n", cwd_fname); + return close_result; + } + + fname = fsp->fsp_name->base_name; + /* * Return immediately if close_result == -1, and close_errno == EBADF. * If close failed, file likely doesn't exist, do not try to scan. @@ -1453,11 +1460,6 @@ static int virusfilter_vfs_close( goto virusfilter_vfs_close_fail; } - if (fsp->fsp_flags.is_directory) { - DBG_INFO("Not scanned: Directory: %s/\n", cwd_fname); - return close_result; - } - if (fsp_is_alternate_stream(fsp)) { if (config->scan_on_open && fsp->fsp_flags.modified) { if (config->cache) { ------------------------------------------------- After manually applying the patch, I confirm that vfs_virusfilter is working again, scanning and removing an eicar testfile works
This bug was referenced in samba master: c844bff3eca336547c6cedfeeb03adda4eed57c6 3d3d01cda8d3a6d0d18d1b808aa9414e71d56062
Created attachment 17735 [details] Patch for 4.17
Re-assigning to Jule for inclusion in 4.17.next.
Pushed to autobuild-v4-17-test.
This bug was referenced in samba v4-17-test: 669da62d636d8e2dada61e096b33b91dde6c9eeb 34a9084044814868a2a8d7deca9b3c8df1767abd
Closing out bug report. Thanks!
This bug was referenced in samba v4-17-stable (Release samba-4.17.5): 669da62d636d8e2dada61e096b33b91dde6c9eeb 34a9084044814868a2a8d7deca9b3c8df1767abd