aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2018-08-06 14:33:34 +0200
committerKarolin Seeger <kseeger@samba.org>2018-08-23 10:38:28 +0200
commit1c0be1fc41e9f8c3e36e94e470140b178083227b (patch)
tree92ef1afd13ac48bafc3b7c73dea2638edc744d3f
parent3cc8f9d7c7a65a6cf62ac9075803a962ee777d72 (diff)
downloadsamba-1c0be1fc41e9f8c3e36e94e470140b178083227b.tar.gz
samba-1c0be1fc41e9f8c3e36e94e470140b178083227b.tar.xz
samba-1c0be1fc41e9f8c3e36e94e470140b178083227b.zip
vfs_fruit: Fix a leak of "br_lck"
Fix a panic if fruit_access_check detects a locking conflict. do_lock() returns a valid br_lck even in case of a locking conflict. Not free'ing it leads to a invalid lock order panic later, because "br_lck" corresponds to a dbwrap lock on brlock.tdb. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 51d57073798f76ec4f1261945e0ba779b2530009)
-rw-r--r--source3/modules/vfs_fruit.c24
1 files changed, 16 insertions, 8 deletions
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 013dec0186a..c7777ae22b7 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2386,7 +2386,6 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle,
uint32_t deny_mode)
{
NTSTATUS status = NT_STATUS_OK;
- struct byte_range_lock *br_lck = NULL;
bool open_for_reading, open_for_writing, deny_read, deny_write;
off_t off;
bool have_read = false;
@@ -2444,6 +2443,8 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle,
/* Set locks */
if ((access_mask & FILE_READ_DATA) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = access_to_netatalk_brl(fork_type, FILE_READ_DATA);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
@@ -2451,13 +2452,16 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
}
if ((deny_mode & DENY_READ) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = denymode_to_netatalk_brl(fork_type, DENY_READ);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
@@ -2465,10 +2469,11 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
}
}
@@ -2494,6 +2499,8 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle,
/* Set locks */
if ((access_mask & FILE_WRITE_DATA) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = access_to_netatalk_brl(fork_type, FILE_WRITE_DATA);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
@@ -2501,13 +2508,15 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
-
}
if ((deny_mode & DENY_WRITE) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = denymode_to_netatalk_brl(fork_type, DENY_WRITE);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
@@ -2515,15 +2524,14 @@ static NTSTATUS fruit_check_access(vfs_handle_struct *handle,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
}
}
- TALLOC_FREE(br_lck);
-
return status;
}