mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3:smbd: fix NULL dereference in case of readlink failure
When VFS readlinkat hook returns with error the following sequence
yields NULL-pointer dereference (SIGSEGV):
symlink_target_below_conn (source3/smbd/open.c)
char *target = NULL;
...
readlink_talloc (source3/smbd/files.c)
SMB_VFS_READLINKAT
smb_vfs_call_readlinkat (source3/smbd/vfs.c)
handle->fns->readlinkat_fn --> returns error
status = safe_symlink_target_path(.., target /* NULL */ ..)
safe_symlink_target_path (source3/smbd/filename.c)
if (target[0] == '/') { /* NULL pointer dereference */
A failure in VFS module's readlinkat hook may happen due to run-time
error (e.g., network failure which cases libcephfs to disconnect from
MDS).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224
(cherry picked from commit 168966a053
)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Aug 26 15:45:20 UTC 2024 on atb-devel-224
This commit is contained in:
parent
b9d9bec51c
commit
f7dc86c173
@ -592,6 +592,10 @@ static NTSTATUS symlink_target_below_conn(
|
||||
talloc_tos(), dirfsp, symlink_name, &target);
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
status = safe_symlink_target_path(talloc_tos(),
|
||||
connection_path,
|
||||
dirfsp->fsp_name->base_name,
|
||||
|
Loading…
Reference in New Issue
Block a user