Fixed a memory leak case in Posix ACL.

As this is a patch to standard version, all changes since ntfs-3g.1.2531SR.1 are also reflected.
2024-11-23 10:04:00 +08:00 · 2008-07-13 19:18:25 +00:00 · 2008-07-13 19:18:25 +00:00 · 1f64eafe7c
commit 1f64eafe7c
parent 412838056a
1 changed files with 106 additions and 81 deletions
--- a/posixacls.patch
+++ b/posixacls.patch
@ -1,22 +1,22 @@
--- ntfsdev/ntfs-3g/src/ntfs-3g.c	2008-06-02 10:13:23.000000000 +0200
-+++ ntfsacls/ntfs-3g/src/ntfs-3g.c	2008-06-02 11:06:46.000000000 +0200
-@@ -1069,9 +1069,15 @@
- 			securid = ntfs_inherited_id(&security, dir_path,
+--- ntfsdev/ntfs-3g/src/ntfs-3g.c	2008-07-13 11:22:47.000000000 +0200
+++ ntfsacls/ntfs-3g/src/ntfs-3g.c	2008-07-13 11:33:14.000000000 +0200
+@@ -1072,9 +1072,15 @@
+ 				securid = ntfs_inherited_id(&security, dir_path,
 					dir_ni, S_ISDIR(type));
- 		else {
+ 			else
 +#if POSIXACLS
-+			securid = ntfs_alloc_securid(&security,
-+				security.uid, security.gid,
-+				dir_path, dir_ni, perm, S_ISDIR(type));
+				securid = ntfs_alloc_securid(&security,
+					security.uid, security.gid,
+					dir_path, dir_ni, perm, S_ISDIR(type));
 +#else
- 			securid = ntfs_alloc_securid(&security,
- 				security.uid, security.gid, perm,
- 				S_ISDIR(type));
+ 				securid = ntfs_alloc_securid(&security,
+ 					security.uid, security.gid, perm,
+ 					S_ISDIR(type));
 +#endif
- 		}
 		/* Create object specified in @type. */
 		switch (type) {
-@@ -1101,10 +1107,18 @@
+ 			case S_IFCHR:
+@@ -1103,10 +1109,18 @@
 				 * could not be allocated (eg NTFS 1.x)
 				 */
 			if (ctx->security.usermapping) {
@ -35,7 +35,7 @@
 				else {
 					/* Adjust read-only (for Windows) */
 					if (perm & S_IWUSR)
-@@ -1750,6 +1764,38 @@
+@@ -1752,6 +1766,38 @@
 	ntfschar *lename = NULL;
 	int res, lename_len;
 
@ -74,7 +74,7 @@
 	if (ctx->streams == NF_STREAMS_INTERFACE_WINDOWS)
 		return ntfs_fuse_getxattr_windows(path, name, value, size);
 	if (ctx->streams != NF_STREAMS_INTERFACE_XATTR)
-@@ -1800,6 +1846,37 @@
+@@ -1802,6 +1848,37 @@
 	ntfschar *lename = NULL;
 	int res, lename_len;
 
@ -112,7 +112,7 @@
 	if (ctx->streams != NF_STREAMS_INTERFACE_XATTR)
 		return -EOPNOTSUPP;
 	if (strncmp(name, nf_ns_xattr_preffix, nf_ns_xattr_preffix_len) ||
-@@ -1858,6 +1935,37 @@
+@@ -1860,6 +1937,37 @@
 	int res = 0, lename_len;
 
 
@ -150,8 +150,8 @@
 	if (ctx->streams != NF_STREAMS_INTERFACE_XATTR)
 		return -EOPNOTSUPP;
 	if (strncmp(name, nf_ns_xattr_preffix, nf_ns_xattr_preffix_len) ||
--- ntfsdev/ntfs-3g/include/ntfs-3g/security.h	2008-05-30 08:53:07.000000000 +0200
-+++ ntfsacls/ntfs-3g/include/ntfs-3g/security.h	2008-04-20 11:37:48.000000000 +0200
+--- ntfsdev/ntfs-3g/include/ntfs-3g/security.h	2008-07-13 09:11:26.000000000 +0200
+++ ntfsacls/ntfs-3g/include/ntfs-3g/security.h	2008-07-13 11:33:14.000000000 +0200
@@ -30,6 +30,8 @@
 #include "inode.h"
 #include "dir.h"
@ -285,8 +285,8 @@
 /*
  *		Security API for direct access to security descriptors
  *	based on Win32 API
--- ntfsdev/ntfs-3g/libntfs-3g/security.c	2008-06-02 10:19:12.000000000 +0200
-+++ ntfsacls/ntfs-3g/libntfs-3g/security.c	2008-06-02 10:26:10.000000000 +0200
+--- ntfsdev/ntfs-3g/libntfs-3g/security.c	2008-07-13 09:11:26.000000000 +0200
+++ ntfsacls/ntfs-3g/libntfs-3g/security.c	2008-07-13 12:44:56.000000000 +0200
@@ -526,6 +526,673 @@
 	return (ok);
 }
@ -961,6 +961,15 @@
 /**
  * ntfs_guid_is_zero - check if a GUID is zero
  * @guid:	[IN] guid to check
+@@ -1484,7 +2151,7 @@
+ 					ntfs_attr_remove(ni,
+ 						AT_SECURITY_DESCRIPTOR,
+ 						AT_UNNAMED, 0);
+-				}
+			}
+ 				set_nino_flag(ni, v3_Extensions);
+ 				ni->security_id = securid;
+ 				ntfs_attr_close(na);
@@ -1984,8 +2651,16 @@
 	pseccache = *scx->pseccache;
 	if (pseccache) {
@ -1227,7 +1236,7 @@
 	/* ACL header */
 	pacl = (ACL*)&secattr[offs];
 	pacl->revision = ACL_REVISION;
-@@ -2370,65 +3178,587 @@
+@@ -2370,62 +3178,584 @@
 	pos = sizeof(ACL);
 	acecnt = 0;
 
@ -1356,9 +1365,7 @@
 +				sid = usid;
 +				sidsz = usidsz;
 +				grants = OWNER_RIGHTS;
- 			} else {
-				pdace->flags = FILE_INHERITANCE;
-				if ((mode & S_IXOTH) && !(mode & S_IXGRP))
+			} else {
 +				sid = find_usid(scx, pxace->id, (SID*)&defsid);
 +				if (sid) {
 +					sidsz = sid_size(sid);
@ -1864,12 +1871,9 @@
 +					denials |= DIR_WRITE;
 +				if ((mode & S_IROTH) && !(mode & S_IRGRP))
 +					denials |= DIR_READ;
-+			} else {
-+				pdace->flags = FILE_INHERITANCE;
-+				if ((mode & S_IXOTH) && !(mode & S_IXGRP))
- 					denials |= FILE_EXEC;
- 				if ((mode & S_IWOTH) && !(mode & S_IWGRP))
- 					denials |= FILE_WRITE;
+ 			} else {
+ 				pdace->flags = FILE_INHERITANCE;
+ 				if ((mode & S_IXOTH) && !(mode & S_IXGRP))
@@ -2638,6 +3968,108 @@
 	return (pos);
 }
@ -1979,14 +1983,10 @@
 /*
  *		Build a full security descriptor
  *	returns descriptor in allocated memory, must free() after use
-@@ -2816,9 +4248,154 @@
- 		if (special & FILE_READ_DATA)
- 			perm |= S_ISVTX;
- 	}
-	return (perm);
-+	return (perm);
-+}
-+
+@@ -2819,6 +4251,151 @@
+ 	return (perm);
+ }
+ 
 +#if POSIXACLS
 +
 +/*
@ -2128,8 +2128,8 @@
 +		posix_desc->tagsset = tagsset;
 +	}
 +	return (k - target);
- }
- 
+}
+
 +#endif
 +
 /*
@ -2795,7 +2795,7 @@
 				if (!perm && same_sid(usid, adminsid)) {
 					uid = find_tenant(scx, securattr);
 					if (uid)
-@@ -3313,15 +5477,28 @@
+@@ -3313,29 +5477,165 @@
 				}
 				if (test_nino_flag(ni, v3_Extensions)
 				    && (perm >= 0)) {
@ -2806,28 +2806,31 @@
 					enter_cache(scx, ni, uid,
 							gid, perm);
 +#endif
- 				}
+				}
 +#if POSIXACLS
 +				if (pxdesc) {
 +					perm = access_check_posix(scx,pxdesc,request,uid,gid);
 +					free(pxdesc);
 +				}
 +#endif
- 				free(securattr);
- 			} else {
- 				perm = -1;
- 				uid = gid = 0;
- 			}
- 		}
+				free(securattr);
+			} else {
+				perm = -1;
+				uid = gid = 0;
+			}
+		}
 +#if POSIXACLS
 +#else
- 		if (perm >= 0) {
- 			if (uid == scx->uid)
- 				perm &= 07700;
-@@ -3332,10 +5509,133 @@
- 				else
- 					perm &= 07007;
- 		}
+		if (perm >= 0) {
+			if (uid == scx->uid)
+				perm &= 07700;
+			else
+				if ((gid == scx->gid)
+				   || groupmember(scx, scx->uid, gid))
+					perm &= 07070;
+				else
+					perm &= 07007;
+		}
 +#endif
 +	}
 +	return (perm);
@ -2910,8 +2913,8 @@
 +					if (pxdesc->tagsset & POSIX_ACL_EXTENSIONS)
 +					enter_cache(scx, ni, uid,
 +							gid, pxdesc);
-+				}
-+				free(securattr);
+ 				}
+ 				free(securattr);
 +			} else
 +				pxdesc = (struct POSIX_SECURITY*)NULL;
 +		}
@ -2940,11 +2943,24 @@
 +						errno = ENOSPC;
 +					}
 +				}
-+			} else {
+ 			} else {
+-				perm = -1;
+-				uid = gid = 0;
 +				outsize = 0;
 +				errno = EIO;
 +				ntfs_log_error("Invalid Posix ACL built\n");
-+			}
+ 			}
+-		}
+-		if (perm >= 0) {
+-			if (uid == scx->uid)
+-				perm &= 07700;
+-			else
+-				if ((gid == scx->gid)
+-				   || groupmember(scx, scx->uid, gid))
+-					perm &= 07070;
+-				else
+-					perm &= 07007;
+-		}
 +			if (!cached)
 +				free(pxdesc);
 +		} else
@ -3258,24 +3274,24 @@
 {
 	int res;
 	const struct CACHED_SECURID *cached;
-@@ -3523,8 +6067,17 @@
- 		wanted.gid = gid;
- 		wanted.dmode = mode & 07777;
- 		if (isdir) wanted.dmode |= 0x10000;
+@@ -3522,8 +6066,17 @@
+ 	wanted.gid = gid;
+ 	wanted.dmode = mode & 07777;
+ 	if (isdir) wanted.dmode |= 0x10000;
 +#if POSIXACLS
-+		wanted.variable = (void*)pxdesc;
-+		if (pxdesc)
-+			wanted.varsize = sizeof(struct POSIX_SECURITY)
-+				+ (pxdesc->acccnt + pxdesc->defcnt)*sizeof(struct POSIX_ACE);
-+		else
-+			wanted.varsize = 0;
+	wanted.variable = (void*)pxdesc;
+	if (pxdesc)
+		wanted.varsize = sizeof(struct POSIX_SECURITY)
+			+ (pxdesc->acccnt + pxdesc->defcnt)*sizeof(struct POSIX_ACE);
+	else
+		wanted.varsize = 0;
 +#else
- 		wanted.variable = (void*)NULL;
- 		wanted.varsize = 0;
+ 	wanted.variable = (void*)NULL;
+ 	wanted.varsize = 0;
 +#endif
+ 	if (test_nino_flag(ni, v3_Extensions)) {
 		cached = (const struct CACHED_SECURID*)ntfs_fetch_cache(
 				scx->vol->securid_cache, GENERIC(&wanted),
- 				(cache_compare)compare);
@@ -3548,8 +6101,17 @@
 				uid, gid);
 			usid = gsid = adminsid;
@ -3432,7 +3448,7 @@
 +	BOOL isdir;
 +	int pxsize;
 +	const struct POSIX_SECURITY *oldpxdesc;
-+	struct POSIX_SECURITY *newpxdesc;
+	struct POSIX_SECURITY *newpxdesc = (struct POSIX_SECURITY*)NULL;
 +#endif
 
 	/* get the current owner, either from cache or from old attribute  */
@ -3474,7 +3490,7 @@
 			free(oldattr);
 		} else
 			res = -1;
-@@ -3643,7 +6348,18 @@
+@@ -3643,7 +6348,17 @@
 			if (processuid && (gid != scx->gid)
 			    && !groupmember(scx, scx->uid, gid))
 				mode &= ~S_ISGID;
@ -3483,7 +3499,6 @@
 +				newpxdesc->mode = mode;
 +				res = ntfs_set_owner_mode(scx, ni, uid, gid,
 +					mode, newpxdesc);
-+				free(newpxdesc);
 +			} else
 +				res = ntfs_set_owner_mode(scx, ni, uid, gid,
 +					mode, newpxdesc);
@ -3493,7 +3508,17 @@
 		} else {
 			errno = EPERM;
 			res = -1;	/* neither owner nor root */
-@@ -3759,7 +6475,11 @@
+@@ -3657,6 +6372,9 @@
+ 		res = -1;
+ 		errno = EIO;
+ 	}
+#if POSIXACLS
+	if (newpxdesc) free(newpxdesc);
+#endif
+ 	return (res ? -1 : 0);
+ }
+ 
+@@ -3759,7 +6477,11 @@
 	if (!scx->usermapping || !scx->uid)
 		allow = 1;
 	else {
@ -3506,7 +3531,7 @@
 		if (perm >= 0) {
 			res = EACCES;
 			switch (accesstype) {
-@@ -3880,6 +6600,10 @@
+@@ -3880,6 +6602,10 @@
 	mode_t mode;
 	int perm;
 	int res;
@ -3517,7 +3542,7 @@
 
 	res = 0;
 	/* get the current owner and mode from cache or security attributes */
-@@ -3889,10 +6613,23 @@
+@@ -3889,10 +6615,23 @@
 		fileuid = cached->uid;
 		filegid = cached->gid;
 		mode = cached->mode;
@ -3541,7 +3566,7 @@
 		oldattr = getsecurityattr(scx->vol, path, ni);
 		if (oldattr) {
 			phead = (const SECURITY_DESCRIPTOR_RELATIVE*)
-@@ -3905,6 +6642,21 @@
+@@ -3905,6 +6644,21 @@
 			usid = (const SID*)
 				&oldattr[le32_to_cpu(phead->owner)];
 #endif
@ -3563,7 +3588,7 @@
 			mode = perm = build_permissions(oldattr,
 					 usid, gsid, ni);
 			if (perm >= 0) {
-@@ -3912,6 +6664,7 @@
+@@ -3912,6 +6666,7 @@
 				filegid = findgroup(scx,gsid);
 			} else
 				res = -1;
@ -3571,7 +3596,7 @@
 			free(oldattr);
 		} else
 			res = -1;
-@@ -3933,11 +6686,19 @@
+@@ -3933,11 +6688,19 @@
                         /* unless request originated by root */
 			if (uid && (fileuid != uid))
 				mode &= 01777;