mirror of
https://github.com/samba-team/samba.git
46a6c6ff6d
This helps avoid a NULL dereference on systems where additional patches modify the following condition in open_file() from `if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) || (!file_existed && (local_flags & O_CREAT)) || ((local_flags & O_TRUNC) == O_TRUNC) ) {` to `if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE|DELETE_ACCESS)) || (!file_existed && (local_flags & O_CREAT)) || ((local_flags & O_TRUNC) == O_TRUNC) ) {`, i.e. additionally check open_access_mask against DELETE_ACCESS. As a result, opens with DELETE_ACCESS go through the code that does an fd_open() plus a subsequent fstat(). That will trigger a crash in fruit_fstat_meta_stream() when a client wants to delete a file. When we open the base file for delete, we call open_streams_for_delete(), which internally calls create-file with NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, which prevents opening of the base_fsp. Voila, combined with the change described above you get a NULL deref. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sun Dec 2 07:52:34 CET 2018 on sn-devel-144 |
||
---|---|---|
auth | ||
build | ||
client | ||
exports | ||
groupdb | ||
include | ||
intl | ||
lib | ||
libads | ||
libgpo/gpext | ||
libnet | ||
librpc | ||
libsmb | ||
locale | ||
locking | ||
modules | ||
nmbd | ||
param | ||
passdb | ||
printing | ||
profile | ||
registry | ||
rpc_client | ||
rpc_server | ||
rpcclient | ||
script | ||
selftest | ||
services | ||
smbd | ||
torture | ||
utils | ||
web | ||
winbindd | ||
.clang_complete | ||
.dmallocrc | ||
.indent.pro | ||
Doxyfile | ||
mainpage.dox | ||
smbadduser.in | ||
wscript | ||
wscript_build | ||
wscript_configure_system_ncurses |