smbd: Add mem_ctx to {f,}get_nt_acl VFS call

This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().

As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.

Andrew Bartlett

1 files changed, 7 insertions, 6 deletions

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 6848d10397..1011bd7025 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1907,6 +1907,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
 {
 	NTSTATUS status;
 	struct security_descriptor *psd = NULL;
+	TALLOC_CTX *frame = talloc_stackframe();
 
 	/*
 	 * Get the permissions to return.
@@ -1932,13 +1933,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
 	}
 
 	if (!lp_nt_acl_support(SNUM(conn))) {
-		status = get_null_nt_acl(mem_ctx, &psd);
+		status = get_null_nt_acl(frame, &psd);
 	} else if (security_info_wanted & SECINFO_LABEL) {
 		/* Like W2K3 return a null object. */
-		status = get_null_nt_acl(mem_ctx, &psd);
+		status = get_null_nt_acl(frame, &psd);
 	} else {
 		status = SMB_VFS_FGET_NT_ACL(
-			fsp, security_info_wanted, &psd);
+			fsp, security_info_wanted, frame, &psd);
 	}
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -1989,7 +1990,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
 	}
 
 	if (max_data_count < *psd_size) {
-		TALLOC_FREE(psd);
+		TALLOC_FREE(frame);
 		return NT_STATUS_BUFFER_TOO_SMALL;
 	}
 
@@ -1997,11 +1998,11 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
 				   ppmarshalled_sd, psd_size);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(psd);
+		TALLOC_FREE(frame);
 		return status;
 	}
 
-	TALLOC_FREE(psd);
+	TALLOC_FREE(frame);
 	return NT_STATUS_OK;
 }