summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2023-02-28 11:20:12 -0800
committerJule Anger <janger@samba.org>2023-03-08 11:16:53 +0000
commit800f4f9cc9dba727cdca44b3f799cfa83f5f0854 (patch)
tree64160aaddef9e060642e1d7390b7a0261afb7cc3
parent3fb8f2c579cf13fd7d0367ace97d8d2ff5d2c5ac (diff)
downloadsamba-800f4f9cc9dba727cdca44b3f799cfa83f5f0854.tar.gz
s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.
When open_stream_pathref_fsp() returns NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp has been set to NULL, so we must free base_fsp separately to prevent fd-leaks when opening a stream that doesn't exist. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224 (cherry picked from commit 3f84a6df4546e0f1e62dfbcd0b823ea29499a787) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Wed Mar 8 11:16:54 UTC 2023 on atb-devel-224
Diffstat
-rw-r--r--selftest/knownfail.d/stream_rename1
-rw-r--r--source3/smbd/filename.c21
2 files changed, 21 insertions, 1 deletions
diff --git a/selftest/knownfail.d/stream_rename b/selftest/knownfail.d/stream_rename
deleted file mode 100644
index 2dccb826cd6..00000000000
--- a/selftest/knownfail.d/stream_rename
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.blackbox.stream_dir_rename.stream_rename\(fileserver\)
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 73e88add2c3..b7160af0cfd 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1378,6 +1378,16 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
status = NT_STATUS_NO_MEMORY;
goto fail;
}
+ /*
+ * When open_stream_pathref_fsp() returns
+ * NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
+ * has been set to NULL, so we must free base_fsp separately
+ * to prevent fd-leaks when opening a stream that doesn't
+ * exist.
+ */
+ fd_close(base_fsp);
+ file_free(NULL, base_fsp);
+ base_fsp = NULL;
goto done;
}
@@ -1394,6 +1404,17 @@ done:
return NT_STATUS_OK;
fail:
+ /*
+ * If open_stream_pathref_fsp() returns an error, smb_fname_rel->fsp
+ * has been set to NULL, so we must free base_fsp separately
+ * to prevent fd-leaks when opening a stream that doesn't
+ * exist.
+ */
+ if (base_fsp != NULL) {
+ fd_close(base_fsp);
+ file_free(NULL, base_fsp);
+ base_fsp = NULL;
+ }
TALLOC_FREE(dirname);
TALLOC_FREE(smb_dirname);
TALLOC_FREE(smb_fname_rel);
View Lorry Controller Status