Oops, that patch has a bug in the rare case where the stack buffer isn't large enough: it might access freed storage. Fixed by installing the attached further patch.
From f01d8792778b637f7464533ac019e42f58adb310 Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Fri, 12 May 2023 12:23:49 -0700
Subject: [PATCH] =?UTF-8?q?file-has-acl:=20don=E2=80=99t=20access=20freed?=
 =?UTF-8?q?=20storage?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix typo in previous patch, by not accessing freed storage
in the unusual case where the stack buffer is not large enough.
---
 lib/file-has-acl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c
index 1edcd2cbd6..38bc806dc4 100644
--- a/lib/file-has-acl.c
+++ b/lib/file-has-acl.c
@@ -200,11 +200,13 @@ file_has_acl (char const *name, struct stat const *sb)
               || (S_ISDIR (sb->st_mode)
                   && have_xattr (XATTR_NAME_POSIX_ACL_DEFAULT,
                                  listbuf, listsize))));
+      bool nfsv4_acl_but_no_posix_acl
+        = ret == 0 && have_xattr (XATTR_NAME_NFSV4_ACL, listbuf, listsize);
       free (heapbuf);
 
       /* If there is an NFSv4 ACL but no POSIX ACL, follow up with a
          getxattr syscall to see whether the NFSv4 ACL is nontrivial.  */
-      if (ret == 0 && have_xattr (XATTR_NAME_NFSV4_ACL, listbuf, listsize))
+      if (nfsv4_acl_but_no_posix_acl)
         {
           ret = getxattr (name, XATTR_NAME_NFSV4_ACL,
                           stackbuf.xattr, sizeof stackbuf.xattr);
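Review bot: The new `nfsv4_acl_but_no_posix_acl` declaration carries no comment saying why it has to sit above `free (heapbuf)`, so a later tidy-up could fold the `have_xattr` call back into the `if` and reintroduce the read of freed storage. Going by the commit message, `listbuf` presumably points at `heapbuf` when the stack buffer is too small, although that assignment is outside the hunk. I would add `/* Test listbuf before freeing heapbuf, since listbuf may point into it.  */` directly above the declaration. The body of `file_has_acl` starts and ends outside this hunk, so the handling of the `getxattr` result cannot be checked from here.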
-- 
2.39.2
