[SCM] Samba Shared Repository - branch master updated

Ralph Böhme Wed, 30 Sep 2015 23:59:55 -0700

The branch, master has been updated
       via  f9ceaf4 s3: smbd: Fix NULL pointer bug introduced by previous 'raw' 
stream fix (bug #11522).
       via  bec685f s3: smbd: fix a crash in unix_convert()
      from  00954a9 lib: We can do ACCRIGHTS style fdpassing


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f9ceaf443991e0bb5db23eeced2841436f47359e
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Sep 30 17:12:11 2015 -0700

    s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug 
#11522).
    
    Ensure dirpath can never be NULL.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    
    Autobuild-User(master): Ralph Böhme <s...@samba.org>
    Autobuild-Date(master): Thu Oct  1 08:58:36 CEST 2015 on sn-devel-104

commit bec685fb13e7cbe3bb98e5647183720d31f1c522
Author: Ralph Boehme <s...@samba.org>
Date:   Fri Sep 25 21:06:57 2015 +0200

    s3: smbd: fix a crash in unix_convert()
    
    Some error code paths may result in dirpath being NULL.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/filename.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 3ed60e2..555658d 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -388,6 +388,12 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
                                        status = map_nt_error_from_unix(errno);
                                        goto err;
                                }
+                               /* dirpath must exist. */
+                               dirpath = talloc_strdup(ctx,"");
+                               if (dirpath == NULL) {
+                                       status = NT_STATUS_NO_MEMORY;
+                                       goto err;
+                               }
                                DEBUG(5, ("conversion finished %s -> %s\n",
                                        orig_path,
                                        smb_fname->base_name));
@@ -1013,7 +1019,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
        return NT_STATUS_OK;
  fail:
        DEBUG(10, ("dirpath = [%s] start = [%s]\n", dirpath, start));
-       if (*dirpath != '\0') {
+       if (dirpath && *dirpath != '\0') {
                smb_fname->base_name = talloc_asprintf(smb_fname, "%s/%s",
                                                       dirpath, start);
        } else {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to