From: Volker Lendecke <vl@samba.org>
Date: Thu, 12 Jan 2023 11:00:26 +0000 (+0100)
Subject: lib: Fix a use-after-free in "net vfs getntacl"
X-Git-Tag: talloc-2.4.0~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=425aaf6f7ebecc33463f6ed2f39573e95a72bf55;p=thirdparty%2Fsamba.git

lib: Fix a use-after-free in "net vfs getntacl"

Don't hang "sd" off "fsp", which is free'ed before printing

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 12 16:41:07 UTC 2023 on sn-devel-184
---

diff --git a/source3/utils/net_vfs.c b/source3/utils/net_vfs.c
index 90822bf368c..0cdfc44b9b7 100644
--- a/source3/utils/net_vfs.c
+++ b/source3/utils/net_vfs.c
@@ -276,7 +276,7 @@ static int net_vfs_get_ntacl(struct net_context *net,
 
 	status = SMB_VFS_FGET_NT_ACL(fsp,
 				     SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL,
-				     fsp,
+				     talloc_tos(),
 				     &sd);
 	if (!NT_STATUS_IS_OK(status)) {
 		DBG_ERR("SMB_VFS_FGET_NT_ACL [%s] failed: %s\n",
@@ -296,6 +296,8 @@ static int net_vfs_get_ntacl(struct net_context *net,
 
 	rc = 0;
 done:
+	TALLOC_FREE(sd);
+
 	if (fsp != NULL) {
 		status = close_file_free(NULL, &fsp, NORMAL_CLOSE);
 		if (!NT_STATUS_IS_OK(status)) {