Bug 15487 - smbd crashes if asked to return full information on close of a stream handle with delete on close disposition set.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Reported: 2023-10-04 17:03 UTC by Jeremy Allison
Modified: 2023-11-29 14:38 UTC

Attachments
git-am fix for 4.19.next, 4.18.next. (2.13 KB, patch)
2023-10-27 00:48 UTC, Jeremy Allison
slow: review+

Description Jeremy Allison 2023-10-04 17:03:24 UTC
Found by the Apple client test code at the SNIA SDC.

Asking for SMB2_CLOSE_FLAGS_FULL_INFORMATION goes through the "fsp->fsp_flags.fstat_before_close" path in fd_close(). Returning NT_STATUS_NOT_FOUND causes the caller to crash.

From Ralph's patch:

If this is a stream and delete-on-close was set, the
backing object (an xattr from streams_xattr) might
already be deleted so fstat() fails with
NT_STATUS_NOT_FOUND.

Have regression test and patch, need bugnumber.
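
The failure mode described above, as a simplified model added here as an example; it is not Samba code and not the attached patch. All names (`model_close`, `struct handle`, the `tolerate_stream` switch) are hypothetical, and ignoring the not-found status for stream handles is an assumption of this example about one tolerant handling.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the close path; every name is hypothetical. */
typedef enum { ST_OK = 0, ST_NOT_FOUND = 1 } status_t;

struct handle {
    bool is_stream;          /* named stream backed by an xattr */
    bool delete_on_close;    /* disposition set on the handle */
    bool fstat_before_close; /* close asked for full information */
    bool backing_exists;     /* backing object still present */
    long size;               /* what fstat would report */
};
struct close_info { bool valid; long size; };

static status_t model_fstat(const struct handle *h, long *size)
{
    if (!h->backing_exists) return ST_NOT_FOUND;
    *size = h->size;
    return ST_OK;
}

/* tolerate_stream == false: the status is passed up, as in the report.
 * tolerate_stream == true: assumed handling, NOT_FOUND on a stream is
 * treated as "no attributes to return" instead of a failed close. */
status_t model_close(struct handle *h, bool tolerate_stream,
                     struct close_info *out)
{
    out->valid = false;
    out->size = 0;
    /* An xattr has no open descriptor keeping it alive, so deleting a
     * stream removes the object that the later fstat needs. */
    if (h->delete_on_close && h->is_stream) h->backing_exists = false;
    if (!h->fstat_before_close) return ST_OK;
    status_t st = model_fstat(h, &out->size);
    if (st == ST_OK) { out->valid = true; return ST_OK; }
    if (tolerate_stream && h->is_stream && st == ST_NOT_FOUND) return ST_OK;
    return st; /* regular files must still fail loudly */
}

int main(void)
{
    struct handle s = { true, true, true, true, 42 };
    struct close_info ci;
    printf("strict: %d\n", model_close(&s, false, &ci));
    status_t st = model_close(&s, true, &ci);
    printf("tolerant: %d valid=%d\n", st, ci.valid);
    return 0;
}
```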
Comment 1 Jeremy Allison 2023-10-04 18:32:41 UTC
MR: https://gitlab.com/samba-team/samba/-/merge_requests/3300
Comment 2 Samba QA Contact 2023-10-10 09:40:07 UTC
This bug was referenced in samba master:

f72ef19cf51d8ededa449344cc16b72cf3685302
c4047443a511f003eb855504315eeb8499fafcb7
340f0420bd34149ebe8fc76eb5fe4547970a5c5b
23deb79a28009f5c4ea2f2c2ceb84cfdbc9fb5b1
633a3ee6894cc1d05b44dbe47a278202803d9b21
Comment 3 Jeremy Allison 2023-10-27 00:48:20 UTC
Created attachment 18177
git-am fix for 4.19.next, 4.18.next.

Cherry-picked from master. I can't back-port the regression test as that relies on python client changes that are not in 4.19.x or 4.18.x.
Comment 4 Ralph Böhme 2023-11-09 10:55:41 UTC
Reassigning to Jule for inclusion in 4.18 and 4.19.
Comment 5 Jule Anger 2023-11-13 08:17:54 UTC
Pushed to autobuild-v4-{19,18}-test.
Comment 6 Samba QA Contact 2023-11-13 10:03:03 UTC
This bug was referenced in samba v4-19-test:

adb1da16e39d4be1ae01e6ec8064e5d897a81a9e
Comment 7 Samba QA Contact 2023-11-13 12:17:03 UTC
This bug was referenced in samba v4-18-test:

9a5b46d89e2820d447c5e4c9c6a0c67d58962c6e
Comment 8 Jule Anger 2023-11-13 12:35:23 UTC
Closing out bug report.

Thanks!
Comment 9 Samba QA Contact 2023-11-27 12:12:19 UTC
This bug was referenced in samba v4-19-stable (Release samba-4.19.3):

adb1da16e39d4be1ae01e6ec8064e5d897a81a9e
Comment 10 Samba QA Contact 2023-11-29 14:38:54 UTC
This bug was referenced in samba v4-18-stable (Release samba-4.18.9):

9a5b46d89e2820d447c5e4c9c6a0c67d58962c6e