s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
author Christian Ambach <ambi@samba.org>
Fri, 2 Nov 2012 07:41:10 +0000 (08:41 +0100)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 16 Nov 2012 22:28:21 +0000 (23:28 +0100)
sys_acl_init returns a SMB_ACL_T with zero entries in the acl array
reallocate the array to proper size before filling it, otherwise we overwrite memory

This one is a result of an improper fixing in 7a6182962966e5edb42728c8

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/modules/vfs_gpfs.c

index e425d2f..f5ac7eb 100644 (file)
@@ -573,6 +573,8 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
        }
 
        result->count = pacl->acl_nace;
+       result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
+                                    result->count);
 
        for (i=0; i<pacl->acl_nace; i++) {
                struct smb_acl_entry *ace = &result->acl[i];
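Review bot: the pointer returned by talloc_realloc is stored in result->acl and the loop dereferences &result->acl[i] straight away, with no NULL check in between. If the allocation fails, result->count already holds pacl->acl_nace while result->acl is NULL, so the first iteration writes through a NULL-based pointer. I would check the return value right after the call, free result, set errno to ENOMEM and return NULL. Setting result->count only after the realloc has succeeded would also keep the count and the array size consistent on the error path. One detail for that check: talloc_realloc with a count of zero frees the chunk and returns NULL, so an ACL with acl_nace == 0 must not be reported as an out-of-memory failure.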