From: Jeremy Allison Date: Tue, 28 Feb 2023 19:20:12 +0000 (-0800) Subject: s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file. X-Git-Tag: talloc-2.4.1~1484 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f84a6df4546e0f1e62dfbcd0b823ea29499a787;p=thirdparty%2Fsamba.git s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file. When open_stream_pathref_fsp() returns NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp has been set to NULL, so we must free base_fsp separately to prevent fd-leaks when opening a stream that doesn't exist. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224 --- diff --git a/selftest/knownfail.d/stream_rename b/selftest/knownfail.d/stream_rename deleted file mode 100644 index 2dccb826cd6..00000000000 --- a/selftest/knownfail.d/stream_rename +++ /dev/null @@ -1 +0,0 @@ -^samba3.blackbox.stream_dir_rename.stream_rename\(fileserver\) diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index e9775387d11..78f552de9b2 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -1386,6 +1386,16 @@ static NTSTATUS filename_convert_dirfsp_nosymlink( status = NT_STATUS_NO_MEMORY; goto fail; } + /* + * When open_stream_pathref_fsp() returns + * NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp + * has been set to NULL, so we must free base_fsp separately + * to prevent fd-leaks when opening a stream that doesn't + * exist. + */ + fd_close(base_fsp); + file_free(NULL, base_fsp); + base_fsp = NULL; goto done; } @@ -1402,6 +1412,17 @@ done: return NT_STATUS_OK; fail: + /* + * If open_stream_pathref_fsp() returns an error, smb_fname_rel->fsp + * has been set to NULL, so we must free base_fsp separately + * to prevent fd-leaks when opening a stream that doesn't + * exist. + */ + if (base_fsp != NULL) { + fd_close(base_fsp); + file_free(NULL, base_fsp); + base_fsp = NULL; + } TALLOC_FREE(dirname); TALLOC_FREE(smb_dirname); TALLOC_FREE(smb_fname_rel);