TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()

Forcing a reload of the smb.conf option values means the pointer learned
in vfs_recycle_connect() become stale.

This will be reverted at the end of the patset again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

diff --git a/selftest/knownfail.d/samba3.blackbox.recycle b/selftest/knownfail.d/samba3.blackbox.recycle
new file mode 100644 (file)
index 0000000..bae7f71
--- /dev/null
+++ b/selftest/knownfail.d/samba3.blackbox.recycle
@@ -0,0 +1,2 @@
+^samba3.blackbox.recycle.recycle.fileserver
+^samba3.blackbox.recycle.check_panic.fileserver

diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 327a7eea06e31b8d076f5e4fad72d5148030be15..43e229692d1df03924765bd0dfa50d8829ea3087 100644 (file)
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -437,6 +437,8 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
        int rc = -1;
        struct recycle_config_data *config;
 
+       reload_services(NULL, NULL, false);
+
        SMB_VFS_HANDLE_GET_DATA(handle,
                                config,
                                struct recycle_config_data,