1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source3/rpcclient
Noel Power 0503e0df3b s3/rpcclient: Duplicate string returned from poptGetArg
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.

==4407== Invalid read of size 1
==4407==    at 0x146263: main (rpcclient.c:1262)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x14627D: main (rpcclient.c:1263)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 8
==4407==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d26d3d9bff)
2022-10-19 08:39:17 +00:00
..
cmd_clusapi.c s3-rpcclient: add clusapi_resume_node command. 2020-01-09 01:15:34 +00:00
cmd_dfs.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_dfs 2019-01-28 10:29:17 +01:00
cmd_drsuapi.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_drsuapi 2019-01-28 10:29:18 +01:00
cmd_dssetup.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_dssetup 2019-01-28 10:29:18 +01:00
cmd_echo.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_echo 2019-01-28 10:29:18 +01:00
cmd_epmapper.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_epmapper 2019-01-28 10:29:20 +01:00
cmd_eventlog.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_eventlog 2019-01-28 10:29:19 +01:00
cmd_fss.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_fss 2019-01-28 10:29:18 +01:00
cmd_iremotewinspool.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_iremotewinspool 2019-01-28 10:29:18 +01:00
cmd_lsarpc.c rpcclient: Ask for minimal permissions for SID and name lookups 2020-03-11 08:09:32 +00:00
cmd_netlogon.c CVE-2020-25717: s3:rpcclient: start with authoritative = 1 2021-11-09 19:45:32 +00:00
cmd_ntsvcs.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_ntsvcvs 2019-01-28 10:29:19 +01:00
cmd_samr.c s3:rpcclient: Goto done in cmd_samr_setuserinfo_int() 2022-07-31 19:14:59 +00:00
cmd_shutdown.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_shutdown 2019-01-28 10:29:20 +01:00
cmd_spoolss.c s3:rpcclient: Migrate rpcclient to new cmdline option parser 2021-05-20 02:58:36 +00:00
cmd_spotlight.c Fix gcc11 compiler issue "-Werror=maybe-uninitialized" 2021-05-07 06:23:32 +00:00
cmd_srvsvc.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
cmd_unixinfo.c rpcclient: Add unixinfo commands 2021-08-24 18:22:56 +00:00
cmd_winreg.c rpcclient: Align integer types 2021-08-06 17:22:30 +00:00
cmd_witness.c s3:rpcclient: Document command of witness protocol 2021-05-25 00:23:37 +00:00
cmd_wkssvc.c s3:rpcclient: Use C99 initializer for cmd_set in cmd_wkssvc 2019-01-28 10:29:18 +01:00
rpcclient.c s3/rpcclient: Duplicate string returned from poptGetArg 2022-10-19 08:39:17 +00:00
rpcclient.h rpcclient: Add RPC_RTYPE_BINDING 2021-03-16 17:09:32 +00:00
wscript_build rpcclient: Add unixinfo commands 2021-08-24 18:22:56 +00:00