1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00
Commit Graph

127 Commits

Author SHA1 Message Date
Joseph Sutton
01bd234f6a lib/talloc: Zero-initialise chunk pointers
Ensuring pointers are always initialised avoids compilation errors with
FORTIFY_SOURCE=2.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Volker Lendecke
ccb5bafe93 lib: Move talloc_asprintf_addbuf() to talloc
I wanted to use this in debug.c, but this would have meant to pollute
debug's deps with a lot of stuff. Also, looking through uses of
talloc_asprint_append(), very many of those don't do NULL checks
properly and could benefit from the _addbuf() flavor. We can add a
vasprintf variant later if the need shows up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Jeremy Allison
6598e00e12 lib: talloc: Remove the ALWAYS_REALLOC code paths.
This is now never set, and also never tested, and only makes
the talloc code more complicated.

Once this is gone we can start looking at the memlimit
stuff.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-10 19:49:33 +00:00
Björn Jacke
f13e1ca54a talloc: alternatively use prama init for constructors if supported
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-10 06:53:43 +00:00
Jeremy Allison
4566ee91b8 lib: talloc: Fix memlimit on pool realloc.
We only have to do the memlimit check before any
real malloc or realloc. Allocations out of a
memory pool have already been counted in the
memory limit, so don't check in those cases.

This is an application-visible change (although
fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:50 +00:00
Jeremy Allison
6e0aab0b40 lib: talloc: Fix pool object accounting when doing talloc_realloc() in the ALWAYS_REALLOC compiled case.
tc_alloc_pool() or the fallback malloc can return NULL.

Wait until we know we are returning a valid pointer
before decrementing pool_hdr->object_count due to
reallocing out of the talloc_pool.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:49 +00:00
Jeremy Allison
86eb6423bd lib: talloc: Cleanup. Use consistent preprocessor logic macros.
Match other use of ALWAYS_REALLOC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:49 +00:00
Andreas Schneider
9e922b75d0 talloc: Mark ptr of talloc_unlink() not as a tainted scalar
This should address a lot of issues reported by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-06-09 16:02:59 +00:00
Andreas Schneider
b2c2c4c3e6 talloc: Fix alignment issues for casting pointers
warning: cast from 'char *' to 'struct talloc_chunk *' increases required
alignment from 1 to 8

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 19 12:38:50 UTC 2019 on sn-devel-144
2019-03-19 12:38:50 +00:00
Andreas Schneider
eabe6d534c lib:talloc: Fix undefined behavior in talloc_memdup
lib/talloc/talloc.c:2419: runtime error: null pointer passed as argument
2, which is declared to never be null

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-12-12 18:34:10 +01:00
Stefan Metzmacher
03124c85f1 talloc: use atexit() again instead of a library destructor
The change for https://bugzilla.samba.org/show_bug.cgi?id=7587
("talloc_autofree_context() in shared libraries and plugins is a bad idea on FreeBSD")
(ommit 41b6810ba0)
causes the following for sssd on Linux:

     Stack trace of thread 19667:
     #0  0x00007f2cab91ff6b __GI_raise (libc.so.6)
     #1  0x00007f2cab90a5c1 __GI_abort (libc.so.6)
     #2  0x00007f2cab90a491 __assert_fail_base (libc.so.6)
     #3  0x00007f2cab9186e2 __GI___assert_fail (libc.so.6)
     #4  0x00007f2cb10aaca5 k5_mutex_lock (libkrb5.so.3)
     #5  0x00007f2cb10ab790 k5_mutex_lock (libkrb5.so.3)
     #6  0x00007f2cb10ab8f5 profile_free_file (libkrb5.so.3)
     #7  0x00007f2cb10ab983 profile_close_file (libkrb5.so.3)
     #8  0x00007f2cb10af249 profile_release (libkrb5.so.3)
     #9  0x00007f2cb10a06c7 k5_os_free_context (libkrb5.so.3)
     #10 0x00007f2cb1075a9a krb5_free_context (libkrb5.so.3)
     #11 0x000055cea7cb2dd1 kcm_data_destructor (sssd_kcm)
     #12 0x00007f2cac153e96 _tc_free_internal (libtalloc.so.2)
     #13 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
     #14 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
     #15 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
     #16 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
     #17 0x00007f2cac14e648 _talloc_free (libtalloc.so.2)
     #18 0x00007f2cac14c480 talloc_lib_fini (libtalloc.so.2)
     #19 0x00007f2cb151da96 _dl_fini (ld-linux-x86-64.so.2)
     #20 0x00007f2cab9226bc __run_exit_handlers (libc.so.6)
     #21 0x00007f2cab9227ec __GI_exit (libc.so.6)
     #22 0x00007f2cb030dc61 orderly_shutdown (libsss_util.so)
     #23 0x00007f2cac365a46 tevent_common_check_signal (libtevent.so.0)
     #24 0x00007f2cac367975 epoll_event_loop_once (libtevent.so.0)
     #25 0x00007f2cac365dab std_event_loop_once (libtevent.so.0)
     #26 0x00007f2cac362098 _tevent_loop_once (libtevent.so.0)
     #27 0x00007f2cac3622eb tevent_common_loop_wait (libtevent.so.0)
     #28 0x00007f2cac365d3b std_event_loop_wait (libtevent.so.0)
     #29 0x00007f2cb030eb37 server_loop (libsss_util.so)
     #30 0x000055cea7cb29f4 main (sssd_kcm)
     #31 0x00007f2cab90c1eb __libc_start_main (libc.so.6)
     #32 0x000055cea7cb2c7a _start (sssd_kcm)

We still only register one atexit handler instead of multiple ones
like in talloc 2.1.11, but avoids using a library destructor.

Bug #7587 seems to be fixed by not using talloc_autofree_context()
within samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13366

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-05 13:01:20 +02:00
Stefan Metzmacher
41b6810ba0 talloc: use a library destructor instead of atexit() if available
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-03-21 13:11:14 +01:00
Andreas Schneider
4a7eaf909d talloc: Fix size type and checks in _vasprintf_tc
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-03-21 13:11:14 +01:00
Andrew Bartlett
0623097558 talloc: Do not disclose the random talloc magic in free()'ed memory
This may help us avoid exploits via memory read attacks on Samba by ensuring that if the read
is on an invalid chunk that the talloc magic disclosed there is not useful
to create a valid chunk and so set a destructor.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13211

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-01-12 22:42:21 +01:00
Andrew Bartlett
00ee9da50b talloc: Remove talloc_abort_magic()
The check required for talloc_abort_magic() prevents the 'access after free error'
from being printed.

It is also no longer possible to determine the difference between invalid memory
and a talloc version mismatch as the magic is now random on many platforms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13210

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-01-12 22:42:21 +01:00
Stefan Metzmacher
16ea6e1308 talloc: fix TALLOC_VERSION_* mismatch detection
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 22 00:14:34 CET 2017 on sn-devel-144
2017-02-22 00:14:34 +01:00
Jeremy Allison
d35ff9e9bd lib: talloc: Make it clear that talloc_get_size(NULL) returns 0.
This *isn't* a behavior change, as the previous code could potentially
return the size of null_context, which (currently) is defined as
a named talloc region of ZERO size, but this makes it very clear
what the ABI behavior should be.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 12 19:23:25 CET 2017 on sn-devel-144
2017-01-12 19:23:25 +01:00
Andrew Bartlett
48c897f126 talloc: clarify that talloc_magic never includes the bits in TALLOC_FLAG_MASK
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-12-01 05:54:22 +01:00
Andrew Bartlett
032e25fdc6 talloc: add ASCII art to describe parent/child arrangement
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-12-01 05:54:22 +01:00
Amitay Isaacs
5fb54d4d81 talloc: Fix format-nonliteral warning
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12168

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-24 01:33:50 +02:00
Andrew Bartlett
f877191fee lib: talloc: As we have a struct talloc_chunk * in _talloc_free_children_internal(), use it to call _tc_free_internal() directly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
fde0d0de71 lib: talloc: As _tc_free_internal() takes a struct talloc_chunk *, add an extra paranoia check against destructor overwrite.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
d2a5927bd7 lib: talloc: Rename the internals of _talloc_free_internal() to _tc_free_internal().
Make it use a struct talloc_chunk *tc parameter. Define _talloc_free_internal()
in terms of _tc_free_internal().

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
94a72849fa lib: talloc: Call talloc_chunk_from_ptr() less often in __talloc_with_prefix()
Rename 'ptc' pointer to parent as it's re-used as
that name later in the function.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
c6d458ef6e lib: talloc: Rename talloc_set_name_v() to tc_set_name_v(). Make it take a struct talloc_chunk *tc as the first argument.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
192c75730b lib: talloc: Add _vasprintf_tc() which returns the struct talloc_chunk *, not the talloc'ed pointer.
Define talloc_vasprintf() in terms of _vasprintf_tc().
We will use _vasprintf_tc() internally later.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
2bfccbf9d0 lib: talloc: Change _talloc_set_name_const() to _tc_set_name_const()
First argument is now struct talloc_chunk *tc.
Ensure all callers pass correct talloc chunk from given pointer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
5bc592da83 lib: talloc: Change __talloc() to return a struct talloc_chunk *.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Andrew Bartlett
58f987d0e6 lib: talloc: Change __talloc_with_prefix() to return a struct talloc_chunk *.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-03 14:26:17 +02:00
Jeremy Allison
64244f9d5f lib: talloc: Rename talloc_XXX() internal functions that take a 'struct talloc_chunk *' to tc_XXX().
We will be adding more and it ensures a consistent naming scheme.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-03 14:26:17 +02:00
Saji VR
d4d14b15b6 lib:talloc. Fix memory leak when destructors reparent children.
If a destructor reparents a child, we shouldn't exit the
loop freeing children as there may be others to process.

https://bugzilla.samba.org/show_bug.cgi?id=11901

Signed-off-by: Saji VR <saji.vr@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 08:33:53 CEST 2016 on sn-devel-144
2016-05-05 08:33:53 +02:00
Adrian Cochrane
906a26a2ab talloc: Provide tests access to talloc_magic
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-09 20:14:07 +02:00
Andrew Bartlett
4a4664a80e lib/talloc: Provide multiple-loading detection for libtalloc via rand()
The use of rand() is strongly discrouanged, but here is it ideal, as we just want to select a different
set of random bytes if we are called again within the same process.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-09 20:14:06 +02:00
Andrew Bartlett
30ea897194 lib/talloc: Disrupt buffer overflow attacks on Samba by using random magic
By setting the talloc magic to a random value, we make it much harder to overwrite a talloc_chunk
in a valid way with a simple buffer overflow.

The flags are placed before more senstive variables so they have to be overwritten first.

Inspired by the exploit in: http://blog.csnc.ch/wp-content/uploads/2012/07/sambaexploit_v1.0.pdf

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-09 20:14:06 +02:00
Stefan Metzmacher
3929abfc6b talloc: fix _talloc_total_limit_size prototype
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-03-09 09:35:05 +01:00
Jeremy Allison
cc4e5481ea lib: talloc: Allow destructors to reparent the object they're called on.
If a destructor returns failure (-1) when freeing a child, talloc
must then reparent the child.

Firstly it tries the owner of any reference, next the parent of the
current object calling _talloc_free_children_internal(), and finally
the null context in the last resort.

If a destructor reparented its own object, which can be a very
desirable thing to do (a destructor can make a decision it isn't
time to die yet, and as the parent may be going away it might
want to move itself to longer-term storage) then this new parent
gets overwritten by the existing reparenting logic.

This patch checks when freeing a child if it already reparented
itself, and if it did doesn't then overwrite the new parent.

Makes destructors more flexible.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2015-03-08 18:24:07 +01:00
Jeremy Allison
3289a5d84f lib: talloc: Fix bug when calling a destructor.
If the destructor itself calls talloc_set_destructor()
and returns -1, the new destructor set is overwritten
by talloc.

Dectect that and leave the new destructor in place.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2015-03-08 18:24:06 +01:00
Stefan Metzmacher
de822b5847 talloc: fix compiler warning
This avoids the following warning when using:

CFLAGS="-O3 -g -fstrict-overflow -Wstrict-overflow=5"

../talloc.c: In Funktion »talloc_is_parent«:
../talloc.c:2658:21: Warnung: assuming signed overflow does not occur when
changing X +- C1 cmp C2 to X cmp C1 +- C2 [-Wstrict-overflow]

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-16 17:21:04 +02:00
Stefan Metzmacher
014eecd0b2 talloc: inline talloc_get_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-16 17:21:04 +02:00
Stefan Metzmacher
3aa3535472 talloc: inline more static functions
We need the code to be as fast as possible.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-16 17:21:04 +02:00
Volker Lendecke
593c8103af talloc: Tune talloc_vasprintf
vsnprintf is significantly more expensive than memcpy. For the
common case where the string we print is less than a kilobyte, avoid
the second vsnprintf.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 15 12:49:14 CEST 2014 on sn-devel-104
2014-05-15 12:49:14 +02:00
Volker Lendecke
e82320e519 talloc: Add talloc_pooled_object
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-08 11:34:06 +02:00
Volker Lendecke
20ad6d7aa3 talloc: Allow nested pools.
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-09-08 11:34:06 +02:00
Volker Lendecke
a3d9099d9a talloc: Add a separate pool size
This is necessary to allow talloc pools to be objects on their own. It
is an incompatible change in the sense that talloc_get_size(pool) now
returns 0 instead of the pool size. When the talloc_pooled_object()
call is added, this will start to make sense again.

Maybe we should add a talloc_pool_size call? Or is that overkill?

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-08 11:34:06 +02:00
Volker Lendecke
b87c8fd435 talloc: Put pool-specific data before the chunk
This is a preparation to make talloc pool real objects themselves.

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-09-08 11:34:06 +02:00
Volker Lendecke
9887f387a1 talloc: Introduce __talloc_with_prefix
This will allow to exchange the extra talloc pool header with the
talloc_chunk structure

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-09-08 11:34:06 +02:00
Volker Lendecke
1334c745e1 talloc: Decouple the dual use of chunk->pool
If we want nested pools, we will have pools that are pool members. So
we will have to have a separate "next object" pointer  for pools. As
we have struct talloc_pool_chunk now, this additional pointer does not
affect normal talloc objects.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-08 11:34:06 +02:00
Jeremy Allison
617c647b8e Fix valgrind errors with memmove and talloc pools.
bin/smbtorture //127.0.0.1 local.talloc now runs with no valgrind errors.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 28 02:44:17 CEST 2013 on sn-devel-104
2013-08-28 02:44:16 +02:00
Jeremy Allison
3d0f717d43 Remove talloc_memlimit_update(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
2013-08-27 15:44:20 -07:00
Jeremy Allison
8e2a543e08 Inside _talloc_realloc(), keep track of size changes over malloc/realloc/free.
Replace the last use of talloc_memlimit_update() with talloc_memlimit_grow()/
talloc_memlimit_shrink().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
2013-08-27 15:44:20 -07:00