mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
s3/utils: Fix use after free with popt 1.19
popt 1.19 fixes a leak that exposes a use after free; make sure we duplicate the return of poptGetArg if poptFreeContext is called before we use it.

==5914== Invalid read of size 1
==5914== at 0x4FDF740: strlcpy (in /usr/lib64/libbsd.so.0.11.6)
==5914== by 0x49E09A9: tdbsam_getsampwnam (pdb_tdb.c:583)
==5914== by 0x49D94E5: pdb_getsampwnam (pdb_interface.c:340)
==5914== by 0x10DED1: print_user_info (pdbedit.c:372)
==5914== by 0x111413: main (pdbedit.c:1324)
==5914== Address 0x73b6750 is 0 bytes inside a block of size 7 free'd
==5914== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C508B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x4C515D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x1113E6: main (pdbedit.c:1323)
==5914== Block was alloc'd at
==5914== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C522EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x110AE5: main (pdbedit.c:1137)
==5914==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e82699fcca3716d9ed0450263fd83f948de8ffbe)
parent
1efcc10c9d
commit
4b35fa3f85
@ -1150,7 +1150,7 @@ int main(int argc, const char **argv)
|
|||||||
poptGetArg(pc); /* Drop argv[0], the program name */
|
poptGetArg(pc); /* Drop argv[0], the program name */
|
||||||
|
|
||||||
if (user_name == NULL)
|
if (user_name == NULL)
|
||||||
user_name = poptGetArg(pc);
|
user_name = talloc_strdup(frame, poptGetArg(pc));
|
||||||
|
|
||||||
setparms = (backend ? BIT_BACKEND : 0) +
|
setparms = (backend ? BIT_BACKEND : 0) +
|
||||||
(verbose ? BIT_VERBOSE : 0) +
|
(verbose ? BIT_VERBOSE : 0) +
|
||||||
|
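Review bot: The new assignment `user_name = talloc_strdup(frame, poptGetArg(pc));` folds two different outcomes into one NULL: no positional argument was given, or the copy could not be allocated. On allocation failure the tool would carry on as though no user name had been supplied, which for an account-database utility may mean acting on a different scope than the operator asked for (inferred; the code that consumes user_name is outside the hunk). Keep the raw pointer in a local and test the copy separately, e.g. `const char *arg = poptGetArg(pc);`, then `user_name = talloc_strdup(frame, arg);` and `if (arg != NULL && user_name == NULL) { /* out of memory: fail via main's existing error path */ }`. The fix also relies on `frame` outliving the later use of user_name shown in the valgrind trace; main starts and ends outside the hunk, so that lifetime should be confirmed there.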