authorChristian Ambach <ambi@samba.org>2012-11-02 08:41:10 +0100
committerAndrew Bartlett <abartlet@samba.org>2012-11-16 23:28:21 +0100
commit1a71f07cee0bfe50ea6821a195a950d2206aab55 (patch)
treeb523e4b1efc0596f3d4726d01df4bc5b531990d1
parent3dab1ef8a57670a36a81e706895bbe225892f3ff (diff)
s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
sys_acl_init returns a SMB_ACL_T with zero entries in the acl array. Reallocate the array to the proper size before filling it, otherwise we overwrite memory. This one is a result of an improper fix in 7a6182962966e5edb42728c8. Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source3/modules/vfs_gpfs.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index e425d2f1c3..f5ac7eb4fb 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -573,6 +573,8 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
}
result->count = pacl->acl_nace;
+ result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
+ result->count);
for (i=0; i<pacl->acl_nace; i++) {
struct smb_acl_entry *ace = &result->acl[i];
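Review bot: The result of the added `talloc_realloc()` is stored in `result->acl` without a NULL check, so an allocation failure sends the fill loop straight to `&result->acl[i]` on a NULL array and the out-of-bounds write this commit fixes becomes a NULL-based write instead. `pacl->acl_nace` comes from the GPFS ACL and directly sizes the allocation, so the failure path is worth handling explicitly: free `result`, set `errno` and return NULL, as sketched below. As far as I recall, talloc returns NULL for a zero-element realloc as well, so the check should either tolerate `result->count == 0` or that case should be confirmed to be harmless for callers. gpfs2smb_acl starts and ends outside this hunk, so the existing error convention of the function should be confirmed against the full body.

```c
	result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
				     result->count);
	if (result->acl == NULL && result->count > 0) {
		/* allocation failed: never enter the fill loop with a NULL array */
		TALLOC_FREE(result);
		errno = ENOMEM;
		return NULL;
	}
	/* … unchanged: for loop filling result->acl[i] … */
```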