s3:smbd: Fix invalid memory access in posix_sys_acl_blob_get_fd()

We are handing down an out of scope buffer.

Found by AddressSanitizer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14627

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb  1 22:55:10 UTC 2021 on sn-devel-184

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 041305d4aec31442b0bc01ac47685324cbc35b2f..c1d5b7cd047bea5e13f68d6132f657ddfa46d127 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -4651,12 +4651,12 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle,
        TALLOC_CTX *frame;
        struct smb_acl_wrapper acl_wrapper = { 0 };
        int fd = fsp_get_pathref_fd(fsp);
+       char buf[PATH_MAX] = {0};
        struct smb_filename fname;
        int ret;
 
        if (fsp->fsp_flags.have_proc_fds) {
                const char *proc_fd_path = NULL;
-               char buf[PATH_MAX];
 
                proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
                if (proc_fd_path == NULL) {