1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

lib: talloc: As _tc_free_internal() takes a struct talloc_chunk *, add an extra paranoia check against destructor overwrite.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Andrew Bartlett 2016-06-29 16:44:50 -07:00 committed by Jeremy Allison
parent d2a5927bd7
commit fde0d0de71

View File

@ -1034,6 +1034,20 @@ static inline int _tc_free_internal(struct talloc_chunk *tc,
if (unlikely(tc->destructor)) {
talloc_destructor_t d = tc->destructor;
/*
* Protect the destructor against some overwrite
* attacks, by explicitly checking it has the right
* magic here.
*/
if (talloc_chunk_from_ptr(ptr) != tc) {
/*
* This can't actually happen, the
* call itself will panic.
*/
TALLOC_ABORT("talloc_chunk_from_ptr failed!");
}
if (d == (talloc_destructor_t)-1) {
return -1;
}