From dade2981c3558242086599a2435bb795160b1f67 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Mon, 11 Nov 2024 17:50:03 +0100
Subject: [PATCH] vfs: Only call openat for valid params in fake_acls_stat

openat(-1, "relative path", ..) is invalid. I've tried to also tighten
this down to just relative paths (i.e. base_name[0] != '/'), but
non_widelink_open makes modifications further down that make this more
difficult.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 source3/modules/vfs_fake_acls.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index 69cae8ce21d..d2b96976582 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -126,12 +126,20 @@ static int fake_acls_stat(vfs_handle_struct *handle,
 			return -1;
 		}
 
-		/* Recursion guard. */
-		prd->calling_pathref_fsp = true;
-		status = openat_pathref_fsp(handle->conn->cwd_fsp,
-					    smb_fname_cp);
-		/* End recursion guard. */
-		prd->calling_pathref_fsp = false;
+		if (fsp_get_pathref_fd(handle->conn->cwd_fsp) == -1) {
+			/*
+			 * No tcon around, fail as if we don't have
+			 * the EAs
+			 */
+			status = NT_STATUS_INVALID_HANDLE;
+		} else {
+			/* Recursion guard. */
+			prd->calling_pathref_fsp = true;
+			status = openat_pathref_fsp(handle->conn->cwd_fsp,
+						    smb_fname_cp);
+			/* End recursion guard. */
+			prd->calling_pathref_fsp = false;
+		}
 
 		if (!NT_STATUS_IS_OK(status)) {
 			/*
-- 
2.11.4.GIT