Fix second part of bug #8811 - sd_has_inheritable_components segfaults on an SD that...

This fixes a coredump with a NULL DACL in add_directory_inheritable_components().

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Mar 17 01:05:57 CET 2012 on sn-devel-104

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index ca303d376e5ac8a736d77118612053279a5611cb..241bc8f7e6996dcd2efad564362e1de6c68afc52 100644 (file)
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -179,7 +179,7 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
  CREATOR_OWNER/CREATOR_GROUP/WORLD.
 *******************************************************************/
 
-static void add_directory_inheritable_components(vfs_handle_struct *handle,
+static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
                                 const char *name,
                                SMB_STRUCT_STAT *psbuf,
                                struct security_descriptor *psd)
@@ -197,7 +197,7 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle,
                                                num_aces + 3);
 
        if (new_ace_list == NULL) {
-               return;
+               return NT_STATUS_NO_MEMORY;
        }
 
        /* Fake a quick smb_filename. */
@@ -249,8 +249,19 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle,
                        SEC_ACE_FLAG_CONTAINER_INHERIT|
                                SEC_ACE_FLAG_OBJECT_INHERIT|
                                SEC_ACE_FLAG_INHERIT_ONLY);
-       psd->dacl->aces = new_ace_list;
-       psd->dacl->num_aces += 3;
+       if (psd->dacl) {
+               psd->dacl->aces = new_ace_list;
+               psd->dacl->num_aces += 3;
+       } else {
+               psd->dacl = make_sec_acl(talloc_tos(),
+                               NT4_ACL_REVISION,
+                               3,
+                               new_ace_list);
+               if (psd->dacl == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+       return NT_STATUS_OK;
 }
 
 /*******************************************************************
@@ -406,10 +417,14 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
                        if (is_directory &&
                                !sd_has_inheritable_components(psd,
                                                        true)) {
-                               add_directory_inheritable_components(handle,
+                               status = add_directory_inheritable_components(
+                                                       handle,
                                                        name,
                                                        psbuf,
                                                        psd);
+                               if (!NT_STATUS_IS_OK(status)) {
+                                       return status;
+                               }
                        }
                        /* The underlying POSIX module always sets
                           the ~SEC_DESC_DACL_PROTECTED bit, as ACLs