The branch, v3-6-test has been updated
via e5e8668 Complete fix for bug #8811 - sd_has_inheritable_components
segfaults on an SD that se_access_check accepts.
from 2041ef3 s3: remove dependency on automake for "make everything"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit e5e86688bdcb91817954fb23ecf10a3b6ddd3933
Author: Jeremy Allison <[email protected]>
Date: Fri Mar 30 11:58:31 2012 -0700
Complete fix for bug #8811 - sd_has_inheritable_components segfaults on an
SD that se_access_check accepts.
-----------------------------------------------------------------------
Summary of changes:
source3/lib/secdesc.c | 4 ++++
source3/modules/vfs_acl_common.c | 25 ++++++++++++++++++++-----
source3/smbd/file_access.c | 5 ++++-
3 files changed, 28 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 001eccb..007e097 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -534,6 +534,10 @@ bool sd_has_inheritable_components(const struct
security_descriptor *parent_ctr,
unsigned int i;
const struct security_acl *the_acl = parent_ctr->dacl;
+ if (the_acl == NULL) {
+ return false;
+ }
+
for (i = 0; i < the_acl->num_aces; i++) {
const struct security_ace *ace = &the_acl->aces[i];
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 56da3af..a537011 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -166,7 +166,7 @@ static NTSTATUS create_acl_blob(const struct
security_descriptor *psd,
CREATOR_OWNER/CREATOR_GROUP/WORLD.
*******************************************************************/
-static void add_directory_inheritable_components(vfs_handle_struct *handle,
+static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
const char *name,
SMB_STRUCT_STAT *psbuf,
struct security_descriptor *psd)
@@ -184,7 +184,7 @@ static void
add_directory_inheritable_components(vfs_handle_struct *handle,
num_aces + 3);
if (new_ace_list == NULL) {
- return;
+ return NT_STATUS_NO_MEMORY;
}
/* Fake a quick smb_filename. */
@@ -236,8 +236,19 @@ static void
add_directory_inheritable_components(vfs_handle_struct *handle,
SEC_ACE_FLAG_CONTAINER_INHERIT|
SEC_ACE_FLAG_OBJECT_INHERIT|
SEC_ACE_FLAG_INHERIT_ONLY);
- psd->dacl->aces = new_ace_list;
- psd->dacl->num_aces += 3;
+ if (psd->dacl) {
+ psd->dacl->aces = new_ace_list;
+ psd->dacl->num_aces += 3;
+ } else {
+ psd->dacl = make_sec_acl(talloc_tos(),
+ NT4_ACL_REVISION,
+ 3,
+ new_ace_list);
+ if (psd->dacl == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ return NT_STATUS_OK;
}
/*******************************************************************
@@ -393,10 +404,14 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct
*handle,
if (is_directory &&
!sd_has_inheritable_components(psd,
true)) {
- add_directory_inheritable_components(handle,
+ status = add_directory_inheritable_components(
+ handle,
name,
psbuf,
psd);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
/* The underlying POSIX module always sets
the ~SEC_DESC_DACL_PROTECTED bit, as ACLs
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 9f95d68..bd65a70 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -261,7 +261,10 @@ bool directory_has_default_acl(connection_struct *conn,
const char *fname)
NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
SECINFO_DACL, &secdesc);
- if (!NT_STATUS_IS_OK(status) || secdesc == NULL) {
+ if (!NT_STATUS_IS_OK(status) ||
+ secdesc == NULL ||
+ secdesc->dacl == NULL) {
+ TALLOC_FREE(secdesc);
return false;
}
--
Samba Shared Repository
