s3: Fix the talloc hierarchy in shadow_copy2_connectpath

We have to return on talloc_tos() because we don't have a mem_ctx given to us.
So we have to create a separate temporary talloc context.

Fix bug #8011 (memory corruption in shadow_copy2).

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Mar 14 19:21:11 CET 2011 on sn-devel-104
(cherry picked from commit 746b299ec1b11ea1e70c130b69a9a379ec478750)
(cherry picked from commit 5d734a32d9719d05f1dc53b3f61535778a7cdbf3)

diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index 61f71b7bbc6a48c0bc898c0a1ee87471b070e662..e1b1c1707e9a94eac4167bb10259ab6d87ec24b3 100644 (file)
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -582,7 +582,7 @@ static char *shadow_copy2_realpath(vfs_handle_struct *handle,
 static const char *shadow_copy2_connectpath(struct vfs_handle_struct *handle,
                                            const char *fname)
 {
-       TALLOC_CTX *tmp_ctx = talloc_stackframe();
+       TALLOC_CTX *tmp_ctx;
        const char *snapdir, *baseoffset, *basedir, *gmt_start;
        size_t baselen;
        char *ret;
@@ -593,7 +593,14 @@ static const char *shadow_copy2_connectpath(struct vfs_handle_struct *handle,
                return handle->conn->connectpath;
        }
 
-       fname = shadow_copy2_normalise_path(talloc_tos(), fname, gmt_start);
+        /*
+         * We have to create a real temporary context because we have
+         * to put our result on talloc_tos(). Thus we can't use a
+         * talloc_stackframe() here.
+         */
+       tmp_ctx = talloc_new(talloc_tos());
+
+       fname = shadow_copy2_normalise_path(tmp_ctx, fname, gmt_start);
        if (fname == NULL) {
                TALLOC_FREE(tmp_ctx);
                return NULL;