diff options
| author | Jeremy Allison <jra@samba.org> | 2012-03-16 15:26:57 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2012-03-17 01:05:57 +0100 |
| commit | 9d7444bfce7ebf583da31371142db33d928949f8 (patch) | |
| tree | 607587f0c44b912102973f7a1e3e9395d8678907 /source3/modules | |
| parent | 15eaaa095fd3cb9a687d9b82fb7f9be2dc5a54b1 (diff) | |
| download | samba-9d7444bfce7ebf583da31371142db33d928949f8.tar.gz samba-9d7444bfce7ebf583da31371142db33d928949f8.tar.xz samba-9d7444bfce7ebf583da31371142db33d928949f8.zip | |
Fix second part of bug #8811 - sd_has_inheritable_components segfaults on an SD that se_access_check accepts.
This fixes a coredump with a NULL DACL in add_directory_inheritable_components().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Mar 17 01:05:57 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/modules')
| -rw-r--r-- | source3/modules/vfs_acl_common.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index ca303d376e..241bc8f7e6 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -179,7 +179,7 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, CREATOR_OWNER/CREATOR_GROUP/WORLD. *******************************************************************/ -static void add_directory_inheritable_components(vfs_handle_struct *handle, +static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle, const char *name, SMB_STRUCT_STAT *psbuf, struct security_descriptor *psd) @@ -197,7 +197,7 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, num_aces + 3); if (new_ace_list == NULL) { - return; + return NT_STATUS_NO_MEMORY; } /* Fake a quick smb_filename. */ @@ -249,8 +249,19 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_OBJECT_INHERIT| SEC_ACE_FLAG_INHERIT_ONLY); - psd->dacl->aces = new_ace_list; - psd->dacl->num_aces += 3; + if (psd->dacl) { + psd->dacl->aces = new_ace_list; + psd->dacl->num_aces += 3; + } else { + psd->dacl = make_sec_acl(talloc_tos(), + NT4_ACL_REVISION, + 3, + new_ace_list); + if (psd->dacl == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + return NT_STATUS_OK; } /******************************************************************* @@ -406,10 +417,14 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, if (is_directory && !sd_has_inheritable_components(psd, true)) { - add_directory_inheritable_components(handle, + status = add_directory_inheritable_components( + handle, name, psbuf, psd); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } /* The underlying POSIX module always sets the ~SEC_DESC_DACL_PROTECTED bit, as ACLs |