[LTP] fs/acl: Add ACL_USER_OBJ permission test
linuxtestproject.agent@gmail.com
linuxtestproject.agent@gmail.com
Mon Jun 15 20:35:15 CEST 2026
Hi Sachin,
On Mon, 15 Jun 2026 20:45:48 +0530, Sachin Sant wrote:
> fs/acl: Add ACL_USER_OBJ permission test
--- [PATCH 5/8] ---
> fs/acl: Add ACL symlink operations test
> + if (user_obj->perm != (ACL_READ | ACL_WRITE | ACL_EXECUTE)) {
> + acl_free(target_acl);
> + if (unlink(TESTSYMLINK) == -1)
> + tst_res(TWARN | TERRNO, "unlink symlink failed");
> + cleanup_testfile();
> + tst_res(TFAIL, "USER_OBJ has wrong permissions: %o (expected rwx)",
> + user_obj->perm);
Use-after-free: user_obj points into the target_acl->entries[]
array that was just freed by acl_free(target_acl) on the line
above. Dereferencing user_obj->perm after the free is undefined
behavior.
The same pattern repeats for group_obj->perm and other->perm in the
two blocks that follow.
One fix would be to save the perm value before freeing:
uint16_t perm = user_obj->perm;
acl_free(target_acl);
...
tst_res(TFAIL, "USER_OBJ has wrong permissions: %o ...", perm);
Or move acl_free(target_acl) after the tst_res() call in each block.
Verdict - Needs revision
---
Note:
The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment this email or ignore the suggestions.
Regards,
LTP AI Reviewer
More information about the ltp
mailing list