From: Andreas Schneider Date: Mon, 1 Feb 2021 11:03:17 +0000 (+0100) Subject: s3:smbd: Fix invalid memory access in posix_sys_acl_blob_get_fd() X-Git-Tag: tevent-0.11.0~1849 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a93f5367bc55ee14f13da5bdb812333c9d9e9f3;p=thirdparty%2Fsamba.git s3:smbd: Fix invalid memory access in posix_sys_acl_blob_get_fd() We are handing down an out of scope buffer. Found by AddressSanitizer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14627 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Feb 1 22:55:10 UTC 2021 on sn-devel-184 --- diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 041305d4aec..c1d5b7cd047 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4651,12 +4651,12 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle, TALLOC_CTX *frame; struct smb_acl_wrapper acl_wrapper = { 0 }; int fd = fsp_get_pathref_fd(fsp); + char buf[PATH_MAX] = {0}; struct smb_filename fname; int ret; if (fsp->fsp_flags.have_proc_fds) { const char *proc_fd_path = NULL; - char buf[PATH_MAX]; proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf)); if (proc_fd_path == NULL) {