1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

smbd: fix check_parent_access() talloc stackframe leaks

check_parent_access() currently leaks a number of allocations onto the
talloc_tos() context in both success and error paths.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Mar 15 11:32:04 UTC 2019 on sn-devel-144
This commit is contained in:
David Disseldorp 2019-03-12 18:49:09 +01:00
parent edd4a23d76
commit 1375e08580

View File

@ -258,21 +258,24 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
uint32_t name_hash;
bool delete_on_close_set;
int ret;
TALLOC_CTX *frame = talloc_stackframe();
if (!parent_dirname(talloc_tos(),
if (!parent_dirname(frame,
smb_fname->base_name,
&parent_dir,
NULL)) {
return NT_STATUS_NO_MEMORY;
status = NT_STATUS_NO_MEMORY;
goto out;
}
parent_smb_fname = synthetic_smb_fname(talloc_tos(),
parent_smb_fname = synthetic_smb_fname(frame,
parent_dir,
NULL,
NULL,
smb_fname->flags);
if (parent_smb_fname == NULL) {
return NT_STATUS_NO_MEMORY;
status = NT_STATUS_NO_MEMORY;
goto out;
}
if (get_current_uid(conn) == (uid_t)0) {
@ -281,13 +284,14 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
"on %s. Granting 0x%x\n",
smb_fname_str_dbg(smb_fname),
(unsigned int)access_mask ));
return NT_STATUS_OK;
status = NT_STATUS_OK;
goto out;
}
status = SMB_VFS_GET_NT_ACL(conn,
parent_smb_fname,
SECINFO_DACL,
talloc_tos(),
frame,
&parent_sd);
if (!NT_STATUS_IS_OK(status)) {
@ -295,7 +299,7 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
"%s with error %s\n",
parent_dir,
nt_errstr(status)));
return status;
goto out;
}
/*
@ -322,14 +326,16 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
access_mask,
access_granted,
nt_errstr(status) ));
return status;
goto out;
}
if (!(access_mask & (SEC_DIR_ADD_FILE | SEC_DIR_ADD_SUBDIR))) {
return NT_STATUS_OK;
status = NT_STATUS_OK;
goto out;
}
if (!lp_check_parent_directory_delete_on_close(SNUM(conn))) {
return NT_STATUS_OK;
status = NT_STATUS_OK;
goto out;
}
/* Check if the directory has delete-on-close set */
@ -346,7 +352,7 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
goto out;
}
lck = get_existing_share_mode_lock(talloc_tos(), id);
lck = get_existing_share_mode_lock(frame, id);
if (lck == NULL) {
status = NT_STATUS_OK;
goto out;
@ -361,8 +367,7 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
status = NT_STATUS_OK;
out:
TALLOC_FREE(lck);
TALLOC_FREE(parent_smb_fname);
TALLOC_FREE(frame);
return status;
}