diff options
author | Jeremy Allison <jra@samba.org> | 2023-02-28 11:20:12 -0800 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-03-08 10:11:41 +0000 |
commit | ec6a057e6908408c7d64f6da7e5b11503d14a144 (patch) | |
tree | a10f89e5cbc6562cdaf0a4e8fb92f3f08429e167 | |
parent | 460bc1897a3031728a505e660155f55a0762e5c8 (diff) | |
download | samba-ec6a057e6908408c7d64f6da7e5b11503d14a144.tar.gz |
s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.
When open_stream_pathref_fsp() returns
NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
has been set to NULL, so we must free base_fsp separately
to prevent fd-leaks when opening a stream that doesn't
exist.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224
(cherry picked from commit 3f84a6df4546e0f1e62dfbcd0b823ea29499a787)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Wed Mar 8 10:11:41 UTC 2023 on sn-devel-184
-rw-r--r-- | selftest/knownfail.d/stream_rename | 1 | ||||
-rw-r--r-- | source3/smbd/filename.c | 21 |
2 files changed, 21 insertions, 1 deletions
diff --git a/selftest/knownfail.d/stream_rename b/selftest/knownfail.d/stream_rename deleted file mode 100644 index 2dccb826cd6..00000000000 --- a/selftest/knownfail.d/stream_rename +++ /dev/null @@ -1 +0,0 @@ -^samba3.blackbox.stream_dir_rename.stream_rename\(fileserver\) diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 2e03c6a5ab7..326c2812bb2 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -1412,6 +1412,16 @@ static NTSTATUS filename_convert_dirfsp_nosymlink( status = NT_STATUS_NO_MEMORY; goto fail; } + /* + * When open_stream_pathref_fsp() returns + * NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp + * has been set to NULL, so we must free base_fsp separately + * to prevent fd-leaks when opening a stream that doesn't + * exist. + */ + fd_close(base_fsp); + file_free(NULL, base_fsp); + base_fsp = NULL; goto done; } @@ -1428,6 +1438,17 @@ done: return NT_STATUS_OK; fail: + /* + * If open_stream_pathref_fsp() returns an error, smb_fname_rel->fsp + * has been set to NULL, so we must free base_fsp separately + * to prevent fd-leaks when opening a stream that doesn't + * exist. + */ + if (base_fsp != NULL) { + fd_close(base_fsp); + file_free(NULL, base_fsp); + base_fsp = NULL; + } TALLOC_FREE(dirname); TALLOC_FREE(smb_dirname); TALLOC_FREE(smb_fname_rel); |