The branch, master has been updated via 3481bbfede5 smbd: Fix BZ15481 via 56df75d4479 tests: Add reproducer for BZ15481 from 11280f1705c s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3481bbfede5127e3664bcf464a0ae3dec9247ab7 Author: Volker Lendecke <v...@samba.org> Date: Tue Sep 19 17:44:56 2023 -0700 smbd: Fix BZ15481 Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Sep 20 22:42:48 UTC 2023 on atb-devel-224 commit 56df75d44795582dcecb8676a0d80d6f4a46c7e9 Author: Volker Lendecke <v...@samba.org> Date: Wed Sep 20 10:53:52 2023 -0700 tests: Add reproducer for BZ15481 Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: python/samba/tests/libsmb-basic.py | 27 +++++++++++++++++++++++++++ source3/smbd/filename.c | 12 +++++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) Changeset truncated at 500 lines:
diff --git a/python/samba/tests/libsmb-basic.py b/python/samba/tests/libsmb-basic.py
index cbe7cce5bae..163c5b09ea9 100644
--- a/python/samba/tests/libsmb-basic.py
+++ b/python/samba/tests/libsmb-basic.py
@@ -215,6 +215,33 @@ class LibsmbTestCase(samba.tests.libsmb.LibsmbTests): c1.unlink("x") c1 = None + def test_gencache_pollution_bz15481(self): + c = libsmb.Conn(self.server_ip, "tmp", self.lp, self.creds) + fh = c.create("file", + DesiredAccess=security.SEC_STD_DELETE, + CreateDisposition=libsmb.FILE_CREATE) + + # prime the gencache File->file + fh_upper = c.create("File", + DesiredAccess=security.SEC_FILE_READ_ATTRIBUTE, + CreateDisposition=libsmb.FILE_OPEN) + c.close(fh_upper) + + c.delete_on_close(fh, 1) + c.close(fh) + + fh = c.create("File", + DesiredAccess=security.SEC_STD_DELETE, + CreateDisposition=libsmb.FILE_CREATE) + + directory = c.list("\\", "File") + + c.delete_on_close(fh, 1) + c.close(fh) + + # Without the bugfix for 15481 we get 'file' not 'File' + self.assertEqual(directory[0]['name'], 'File') + if __name__ == "__main__": import unittest unittest.main() diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index dcd08a06947..3c54ab17762 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -784,6 +784,7 @@ static NTSTATUS openat_pathref_fsp_case_insensitive( if (lp_stat_cache()) { char *base_name = smb_fname_rel->base_name; + char *original_relname = NULL; DATA_BLOB value = { .data = NULL }; ok = get_real_filename_cache_key( @@ -805,7 +806,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive( } DO_PROFILE_INC(statcache_hits); - TALLOC_FREE(smb_fname_rel->base_name); + /* + * For the "new filename" case we need to preserve the + * capitalization the client sent us, see + * https://bugzilla.samba.org/show_bug.cgi?id=15481 + */ + original_relname = smb_fname_rel->base_name; + smb_fname_rel->base_name = talloc_memdup( smb_fname_rel, value.data, value.length); if (smb_fname_rel->base_name == NULL) { 
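Review bot: If the `FILE_OPEN` create of `File` or the `c.list("\\", "File")` call raises, the test leaves `file`/`File` behind in the shared `tmp` share, because both `c.delete_on_close(fh, 1)` calls sit on the straight-line path with no try/finally around the handle. `directory[0]` also raises IndexError on an empty listing, so `self.assertEqual(len(directory), 1)` before the name check would give a clearer failure. The test name and the comment say "gencache", but the cache the accompanying fix touches in source3/smbd/filename.c is the `GETREALFILENAME_CACHE` memcache guarded by `lp_stat_cache()`; a comment such as `# prime the smbd stat cache (File -> file); only meaningful with "stat cache" enabled` would describe the precondition accurately. Without the stat cache the test presumably passes trivially, which is worth stating so a green run is not read as coverage of the fix.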
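Review bot: After this change the client's name is held only in `original_relname` while `smb_fname_rel->base_name` is overwritten, and the `if (smb_fname_rel->base_name == NULL)` branch that follows is cut off by the hunk. If that branch returns an error without restoring the pointer, the caller is left with a NULL `base_name` and the original string stays allocated under `smb_fname_rel` with no reference to it. Adding `smb_fname_rel->base_name = original_relname;` at the top of that branch would keep the struct consistent on the allocation-failure path, matching what the later failure path does. The enclosing function openat_pathref_fsp_case_insensitive starts and ends outside the hunk, so the branch body should be confirmed.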
@@ -823,10 +830,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive( status = openat_pathref_fsp(dirfsp, smb_fname_rel); if (NT_STATUS_IS_OK(status)) { TALLOC_FREE(cache_key.data); + TALLOC_FREE(original_relname); return NT_STATUS_OK; } memcache_delete(NULL, GETREALFILENAME_CACHE, cache_key); + TALLOC_FREE(smb_fname_rel->base_name); + smb_fname_rel->base_name = original_relname; } lookup: -- Samba Shared Repository
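Review bot: The two added lines after `memcache_delete(...)` carry no comment, and the explanation of why the name is swapped lives some twenty lines earlier, so a reader of the failure path has to work out that the cached spelling is being discarded before falling through to `lookup:`. A short comment there would make the invariant explicit, for example `/* stale cache entry: continue the lookup with the name exactly as the client sent it */`. Note also that any non-OK status from `openat_pathref_fsp()` takes this path, not only a missing name, so the comment could say that the cache entry is dropped on every failure. The function body continues past the end of the hunk.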