Bug 6488: acl_group_override() call in posix acls references an uninitialized variable. (cherry picked from commit f92195e3a1baaddda47a5d496f9488c8445b41ad)samba-3.2.13

1 files changed, 10 insertions, 12 deletions

diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 562776e798d..fe72a131084 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -2384,24 +2384,22 @@ static bool current_user_in_group(gid_t gid)
 ****************************************************************************/
 
 static bool acl_group_override(connection_struct *conn,
-				gid_t prim_gid,
+				SMB_STRUCT_STAT *psbuf,
 				const char *fname)
 {
-	SMB_STRUCT_STAT sbuf;
-
 	if ((errno != EPERM) && (errno != EACCES)) {
 		return false;
 	}
 
 	/* file primary group == user primary or supplementary group */
 	if (lp_acl_group_control(SNUM(conn)) &&
-			current_user_in_group(prim_gid)) {
+			current_user_in_group(psbuf->st_gid)) {
 		return true;
 	}
 
 	/* user has writeable permission */
 	if (lp_dos_filemode(SNUM(conn)) &&
-			can_write_to_file(conn, fname, &sbuf)) {
+			can_write_to_file(conn, fname, psbuf)) {
 		return true;
 	}
 
@@ -2412,7 +2410,7 @@ static bool acl_group_override(connection_struct *conn,
  Attempt to apply an ACL to a file or directory.
 ****************************************************************************/
 
-static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, gid_t prim_gid, bool *pacl_set_support)
+static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, SMB_STRUCT_STAT *psbuf, bool *pacl_set_support)
 {
 	connection_struct *conn = fsp->conn;
 	bool ret = False;
@@ -2591,7 +2589,7 @@ static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool defau
 				*pacl_set_support = False;
 			}
 
-			if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
+			if (acl_group_override(conn, psbuf, fsp->fsp_name)) {
 				int sret;
 
 				DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
@@ -2622,7 +2620,7 @@ static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool defau
 				*pacl_set_support = False;
 			}
 
-			if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
+			if (acl_group_override(conn, psbuf, fsp->fsp_name)) {
 				int sret;
 
 				DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
@@ -3627,7 +3625,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 		if (set_acl_as_root) {
 			become_root();
 		}
-		ret = set_canon_ace_list(fsp, file_ace_list, False, sbuf.st_gid, &acl_set_support);
+		ret = set_canon_ace_list(fsp, file_ace_list, False, &sbuf, &acl_set_support);
 		if (set_acl_as_root) {
 			unbecome_root();
 		}
@@ -3644,7 +3642,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 			if (set_acl_as_root) {
 				become_root();
 			}
-			ret = set_canon_ace_list(fsp, dir_ace_list, True, sbuf.st_gid, &acl_set_support);
+			ret = set_canon_ace_list(fsp, dir_ace_list, True, &sbuf, &acl_set_support);
 			if (set_acl_as_root) {
 				unbecome_root();
 			}
@@ -3669,7 +3667,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 				unbecome_root();
 			}
 			if (sret == -1) {
-				if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
+				if (acl_group_override(conn, &sbuf, fsp->fsp_name)) {
 					DEBUG(5,("set_nt_acl: acl group control on and "
 						"current user in file %s primary group. Override delete_def_acl\n",
 						fsp->fsp_name ));
@@ -3729,7 +3727,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 				unbecome_root();
 			}
 			if(sret == -1) {
-				if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
+				if (acl_group_override(conn, &sbuf, fsp->fsp_name)) {
 					DEBUG(5,("set_nt_acl: acl group control on and "
 						"current user in file %s primary group. Override chmod\n",
 						fsp->fsp_name ));