From: Christian Ambach <ambi@samba.org>
Date: Fri, 2 Nov 2012 07:41:10 +0000 (+0100)
Subject: s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=commitdiff_plain;h=1a71f07cee0bfe50ea6821a195a950d2206aab55

s3:vfs_gpfs fix memory corruption in gpfs2smb_acl

sys_acl_init returns a SMB_ACL_T with zero entries in the acl array
reallocate the array to proper size before filling it, otherwise we overwrite memory

This one is a result of a improper fixing in 7a6182962966e5edb42728c8

Signed-off-by: Christian Ambach <ambi@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index e425d2f1c31..f5ac7eb4fb7 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -573,6 +573,8 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
 	}
 
 	result->count = pacl->acl_nace;
+	result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
+				     result->count);
 
 	for (i=0; i<pacl->acl_nace; i++) {
 		struct smb_acl_entry *ace = &result->acl[i];