mirror of
https://github.com/samba-team/samba.git
synced 2025-03-19 18:50:24 +03:00
This fixes a use-after-free in smb_full_audit_create_file() when
calling SMB_VFS_CREATE_FILE with fsp->fsp_name as smb_fname.

create_file_unixpath() has this comment:

 * This is really subtle. If someone passes in an smb_fname
 * where smb_fname actually is taken from fsp->fsp_name, then
 * the lifetime of these objects is meant to be the same.

so it seems legitimate to call CREATE_FILE this way.

When CREATE_FILE runs into an error, create_file_unixpath() does a
file_free, which also takes fsp->fsp_name with it.
smb_full_audit_create_file() wants to log the failure including the
smb_fname after NEXT_CREATE_FILE has exited, but this will then use
the already free'ed data.

Fix by only doing the file_free() on an fsp that
create_file_unixpath() created itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 19:11:33 UTC 2022 on sn-devel-184
(cherry picked from commit 434e6d4b4b45757878642d229d26d146792a3878)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 18:36:26 UTC 2022 on sn-devel-184
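
The ownership rule described in the commit message above, as an added example that is not Samba code: a simplified C model in which every name (struct file, create_file, audited_create, live_files) is hypothetical. On error the callee frees the object only when it allocated it in that call, so a wrapper that passed in its own object can still format the aliased name afterwards.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model; every name here is hypothetical, not Samba's. */
struct file { char *name; };   /* name is owned by the object, like fsp->fsp_name */
static int live_files;         /* objects allocated and not yet freed */

static struct file *file_new(const char *name)
{
    struct file *f = malloc(sizeof(*f));
    size_t n = strlen(name) + 1;
    if (f == NULL || (f->name = malloc(n)) == NULL) { free(f); return NULL; }
    memcpy(f->name, name, n);
    live_files++;
    return f;
}
/* Freeing the object also frees its name. */
static void file_free(struct file *f) { free(f->name); free(f); live_files--; }

/* If *pf is non-NULL the caller supplied the object and `name` may alias
 * (*pf)->name. On failure, free only an object allocated in this call. */
static int create_file(struct file **pf, const char *name, int simulate_error)
{
    struct file *f = *pf;
    int created_here = (f == NULL);
    if (created_here && (f = file_new(name)) == NULL) return -1;
    if (simulate_error) {
        if (created_here) file_free(f);   /* caller's object is left alone */
        return -1;
    }
    *pf = f;
    return 0;
}

/* Audit-style wrapper: formats `name` only after create_file() has returned. */
static int audited_create(struct file **pf, const char *name, int fail, char *log, size_t len)
{
    int ret = create_file(pf, name, fail);
    snprintf(log, len, "create_file|%s|%s", ret == 0 ? "ok" : "fail", name);
    return ret;
}

int main(void)
{
    char log[64];
    struct file *f = file_new("dir/a.txt");   /* constructed sample name */
    if (f != NULL && audited_create(&f, f->name, 1, log, sizeof(log)) != 0) puts(log);
    if (f != NULL) file_free(f);
    return 0;
}
```
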
# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines beginning with '#' are ignored.
# Please don't add tests to this README!