summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2023-02-28 11:20:12 -0800
committerJule Anger <janger@samba.org>2023-03-08 10:11:41 +0000
commitec6a057e6908408c7d64f6da7e5b11503d14a144 (patch)
treea10f89e5cbc6562cdaf0a4e8fb92f3f08429e167
parent460bc1897a3031728a505e660155f55a0762e5c8 (diff)
downloadsamba-ec6a057e6908408c7d64f6da7e5b11503d14a144.tar.gz
s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.
When open_stream_pathref_fsp() returns NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp has been set to NULL, so we must free base_fsp separately to prevent fd-leaks when opening a stream that doesn't exist. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224 (cherry picked from commit 3f84a6df4546e0f1e62dfbcd0b823ea29499a787) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Wed Mar 8 10:11:41 UTC 2023 on sn-devel-184
Diffstat
-rw-r--r--selftest/knownfail.d/stream_rename1
-rw-r--r--source3/smbd/filename.c21
2 files changed, 21 insertions, 1 deletions
diff --git a/selftest/knownfail.d/stream_rename b/selftest/knownfail.d/stream_rename
deleted file mode 100644
index 2dccb826cd6..00000000000
--- a/selftest/knownfail.d/stream_rename
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.stream_dir_rename.stream_rename\(fileserver\)
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 2e03c6a5ab7..326c2812bb2 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1412,6 +1412,16 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
status = NT_STATUS_NO_MEMORY;
goto fail;
}
+ /*
+ * When open_stream_pathref_fsp() returns
+ * NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
+ * has been set to NULL, so we must free base_fsp separately
+ * to prevent fd-leaks when opening a stream that doesn't
+ * exist.
+ */
+ fd_close(base_fsp);
+ file_free(NULL, base_fsp);
+ base_fsp = NULL;
goto done;
}
@@ -1428,6 +1438,17 @@ done:
return NT_STATUS_OK;
fail:
+ /*
+ * If open_stream_pathref_fsp() returns an error, smb_fname_rel->fsp
+ * has been set to NULL, so we must free base_fsp separately
+ * to prevent fd-leaks when opening a stream that doesn't
+ * exist.
+ */
+ if (base_fsp != NULL) {
+ fd_close(base_fsp);
+ file_free(NULL, base_fsp);
+ base_fsp = NULL;
+ }
TALLOC_FREE(dirname);
TALLOC_FREE(smb_dirname);
TALLOC_FREE(smb_fname_rel);
View Lorry Controller Status