Bug 6488 - acl_group_override() call in posix acls references an uninitialized variable.
Summary: acl_group_override() call in posix acls references an uninitialized variable.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P3 major
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-06-18 17:49 UTC by Jeremy Allison
Modified: 2009-06-19 10:24 UTC (History)
0 users

See Also:
vl: review+


Attachments
Patch for 3.4.0, v3-3-test and v3-2-test. (3.76 KB, patch)
2009-06-18 17:51 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2009-06-18 17:49:28 UTC
In smbd/posix_acls.c the acl_group_override() function doesn't initialize a SMB_STRUCT_STAT before use.
Patches for 3.4.0, v3-3-test and v3-2-test follows.
Jeremy.
Comment 1 Jeremy Allison 2009-06-18 17:51:50 UTC
Created attachment 4315 [details]
Patch for 3.4.0, v3-3-test and v3-2-test.

This patch, developed on v3-4-test, also applies cleanly to v3-3-test and v3-2-test. Volker please review, and then reassign to Karolin to push if you're ok with it. It passes down the already valid SMB_STRUCT_STAT buffer pointer instead of re-doing a stat.
Jeremy.
Comment 2 Volker Lendecke 2009-06-19 03:06:48 UTC
Wow.... That's a bit scary, isn't it?

Volker
Comment 3 Karolin Seeger 2009-06-19 04:07:35 UTC
After talking to Volker, picked the patch for 3.4.0rc1 and pushed to the other branches, too.
Closing out bug report.

Thanks!
Comment 4 Jeremy Allison 2009-06-19 10:24:05 UTC
Yes, it's kind of scary :-). I don't think it's exploitable in any fashion though, just would give the wrong result. Thanks for the review !
Jeremy.