IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 40b47c194d)
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a683507e56)
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f3fe1f2ce6)
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1a36c348d7)
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2bd27955ce)
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ee18bc29b8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
This matches the Windows registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d861d4eb28)
[jsutton@samba.org Fixed header include conflict]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c0c25cc021)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b787692b5e)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 81f4335dfb)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 80dc3bc2b8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4d540473c3)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f964c0c357)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7732a4b0bd)
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c8e53394b9)
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.
Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:
git show -U35 libcli/auth/netlogon_creds_cli.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1c6c112990)
This avoids advising insecure defaults for the global options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d60828f639)
This makes sure domain member related 'net' commands print warnings
about unsecure smb.conf options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1fdf1d55a5)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 992f39a2c8)
Cast from 'uint32_t *' (aka 'unsigned int *') to 'size_t *' (aka
'unsigned long *') increases required alignment from 4 to 8
==10343==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdc6784fc0 at pc 0x7f339f1ea500 bp 0x7ffdc6784ed0 sp 0x7ffdc6784ec8
WRITE of size 8 at 0x7ffdc6784fc0 thread T0
#0 0x7f339f1ea4ff in fd_load ../../lib/util/util_file.c:220
#1 0x7f339f1ea5a4 in file_load ../../lib/util/util_file.c:245
#2 0x56363209a596 in net_offlinejoin_requestodj ../../source3/utils/net_offlinejoin.c:267
#3 0x56363209a9d0 in net_offlinejoin ../../source3/utils/net_offlinejoin.c:74
#4 0x56363208f61c in net_run_function ../../source3/utils/net_util.c:453
#5 0x563631fe8a9f in main ../../source3/utils/net.c:1358
#6 0x7f339b22c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x7f339b22c678 in __libc_start_main_impl ../csu/libc-start.c:381
#8 0x563631faf374 in _start ../sysdeps/x86_64/start.S:115
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15257
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ef8c8ac54c)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Dec 6 12:02:00 UTC 2022 on sn-devel-184
Cf MS-FSA 2.1.5.14.2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184
(cherry picked from commit 535a08dfc4)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Dec 5 11:03:30 UTC 2022 on sn-devel-184
Otherwise we'll generate a memory leak of imessaging_post_state/
tevent_immediate structures per incoming message!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 32df5e4961)
follow to commit 4b15d8c2a5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 17 19:49:37 UTC 2022 on sn-devel-184
(cherry picked from commit 0326549a05)
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==6055== Command: ./bin/testparm /etc/samba/smb.conf
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055== by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4C44DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055== by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab72 is 2 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
Load smb config files from /etc/samba/smb.conf
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4b15d8c2a5)
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==5914== Invalid read of size 1
==5914== at 0x4FDF740: strlcpy (in /usr/lib64/libbsd.so.0.11.6)
==5914== by 0x49E09A9: tdbsam_getsampwnam (pdb_tdb.c:583)
==5914== by 0x49D94E5: pdb_getsampwnam (pdb_interface.c:340)
==5914== by 0x10DED1: print_user_info (pdbedit.c:372)
==5914== by 0x111413: main (pdbedit.c:1324)
==5914== Address 0x73b6750 is 0 bytes inside a block of size 7 free'd
==5914== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C508B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x4C515D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x1113E6: main (pdbedit.c:1323)
==5914== Block was alloc'd at
==5914== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C522EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x110AE5: main (pdbedit.c:1137)
==5914==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e82699fcca)
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==5325== Invalid read of size 1
==5325== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ff003fc87b)
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==4407== Invalid read of size 1
==4407== at 0x146263: main (rpcclient.c:1262)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x14627D: main (rpcclient.c:1263)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 8
==4407== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407== by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407== by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d26d3d9bff)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit a7fba3ff59)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Oct 18 09:41:37 UTC 2022 on sn-devel-184
For type == ADOUBLE_META, fio->fake_fd is true so
writes are already synchronous, just call tevent_req_post().
For type == ADOUBLE_RSRC we know we are configured
with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream()
returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND()
after replacing fsp with fio->ad_fsp.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 35c637f2e6)
If we get NT_STATUS_OBJECT_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
we should just keep the connection and overwrite the stale record in
smbXsrv_client_global.tdb. It's basically a race with serverid_exists()
and a process that doesn't cleanly teardown.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5d66d5b84f)
dbwrap_watched_watch_send() should typically be the last thing to call
before the db record is unlocked, as it's not that easy to undo.
In future we want to recover from smb2srv_client_connection_{pass,drop}()
returning NT_STATUS_OBJECT_NAME_NOT_FOUND and it would add complexity if
would need to undo dbwrap_watched_watch_send() at that point.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 56c597bc2b)
DBG_WARNING() already adds the function name as prefix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit acb3d821de)
If we hit a race, when a client disconnects the connection after the initial
SMB2 Negotiate request, before the connection is completely passed to
process serving the given client guid, the temporary smbd which accepted the
new connection may already detected the disconnect and exitted before
the long term smbd servicing the client guid was able to send the
MSG_SMBXSRV_CONNECTION_PASSED message.
The result was a log message like this:
smbXsrv_client_connection_pass_loop: smb2srv_client_connection_passed() failed => NT_STATUS_OBJECT_NAME_NOT_FOUND
and all connections belonging to the client guid were dropped,
because we called exit_server_cleanly().
Now we ignore NT_STATUS_OBJECT_NAME_NOT_FOUND from
smb2srv_client_connection_passed() and let the normal
event loop detect the broken connection, so that only
that connection is terminated (not the whole smbd process).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 636ec45c93)
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.
Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.
Now we tell the other node to teardown all client connections
belonging to the client-guid.
Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
(cherry picked from commit 8591d94243)
Example valgrind output:
==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075
==22502== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==22502== by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16)
==22502== by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==22502== by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x14E464: ??? (in /usr/sbin/winbindd)
==22502== by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd)
==22502== by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd)
==22502== by 0x167DE0: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x16A243: ??? (in /usr/sbin/winbindd)
==22502== by 0x16AA04: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F4C7: main (in /usr/sbin/winbindd)
You can find one for each string in pdb_copy_sam_account(), in total
this already has 67 MB in total for this valgrind run.
pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184
(cherry picked from commit 9ef2f7345f)
The function smbd_server_connection_terminate_done() does not free subreq
which is allocated in smbXsrv_connection_shutdown_send, this can be a
memory leakage if multi-channel is enabled.
Suggested fix by haihua yang <hhyangdev@gmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184
(cherry picked from commit b600b0c8d9)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Sep 28 20:10:04 UTC 2022 on sn-devel-184
In addition to b954d181cd we should also protect against timestamps
before the epoch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184
(cherry picked from commit f6b391e04a)
gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
should not silently garble time stamps but reject the attempt to set
an out-of-range timestamp.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit b954d181cd)
This ensures these calls are not optimised away.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1258746ba8)
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts. This is especially
bad on constrained or overcommitted hardware.
To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.
Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 65c473d4a5)
