From 3481bbfede5127e3664bcf464a0ae3dec9247ab7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 19 Sep 2023 17:44:56 -0700 Subject: [PATCH] smbd: Fix BZ15481 Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Sep 20 22:42:48 UTC 2023 on atb-devel-224 --- selftest/knownfail.d/bug-15481 | 1 - source3/smbd/filename.c | 12 +++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) delete mode 100644 selftest/knownfail.d/bug-15481 diff --git a/selftest/knownfail.d/bug-15481 b/selftest/knownfail.d/bug-15481 deleted file mode 100644 index e4ca91c8d67..00000000000 --- a/selftest/knownfail.d/bug-15481 +++ /dev/null @@ -1 +0,0 @@ -^samba.tests.libsmb-basic.samba.tests.libsmb-basic.LibsmbTestCase.test_gencache_pollution_bz15481 diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index dcd08a06947..3c54ab17762 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -784,6 +784,7 @@ static NTSTATUS openat_pathref_fsp_case_insensitive( if (lp_stat_cache()) { char *base_name = smb_fname_rel->base_name; + char *original_relname = NULL; DATA_BLOB value = { .data = NULL }; ok = get_real_filename_cache_key( @@ -805,7 +806,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive( } DO_PROFILE_INC(statcache_hits); - TALLOC_FREE(smb_fname_rel->base_name); + /* + * For the "new filename" case we need to preserve the + * capitalization the client sent us, see + * https://bugzilla.samba.org/show_bug.cgi?id=15481 + */ + original_relname = smb_fname_rel->base_name; + smb_fname_rel->base_name = talloc_memdup( smb_fname_rel, value.data, value.length); if (smb_fname_rel->base_name == NULL) { @@ -823,10 +830,13 @@ static NTSTATUS openat_pathref_fsp_case_insensitive( status = openat_pathref_fsp(dirfsp, smb_fname_rel); if (NT_STATUS_IS_OK(status)) { TALLOC_FREE(cache_key.data); + TALLOC_FREE(original_relname); return NT_STATUS_OK; } memcache_delete(NULL, GETREALFILENAME_CACHE, cache_key); + TALLOC_FREE(smb_fname_rel->base_name); + smb_fname_rel->base_name = original_relname; } lookup: