mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source3
Andreas Schneider 994464eee2 s3:utils: Fix stack smashing in net offlinejoin
Cast from 'uint32_t *' (aka 'unsigned int *') to 'size_t *' (aka
'unsigned long *') increases required alignment from 4 to 8

==10343==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdc6784fc0 at pc 0x7f339f1ea500 bp 0x7ffdc6784ed0 sp 0x7ffdc6784ec8
WRITE of size 8 at 0x7ffdc6784fc0 thread T0
    #0 0x7f339f1ea4ff in fd_load ../../lib/util/util_file.c:220
    #1 0x7f339f1ea5a4 in file_load ../../lib/util/util_file.c:245
    #2 0x56363209a596 in net_offlinejoin_requestodj ../../source3/utils/net_offlinejoin.c:267
    #3 0x56363209a9d0 in net_offlinejoin ../../source3/utils/net_offlinejoin.c:74
    #4 0x56363208f61c in net_run_function ../../source3/utils/net_util.c:453
    #5 0x563631fe8a9f in main ../../source3/utils/net.c:1358
    #6 0x7f339b22c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #7 0x7f339b22c678 in __libc_start_main_impl ../csu/libc-start.c:381
    #8 0x563631faf374 in _start ../sysdeps/x86_64/start.S:115

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15257

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ef8c8ac54c)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Dec  6 12:02:00 UTC 2022 on sn-devel-184
2022-12-06 12:02:00 +00:00
..
auth s3:auth_samba4: make use of imessaging_init_discard_incoming() 2022-10-19 08:39:17 +00:00
build
client s3/client: fix dfs deltree, resolve dfs path 2022-06-20 10:56:52 +00:00
exports
groupdb
include smbd: add and use vfs_fget_dos_attributes() 2022-09-06 07:54:13 +00:00
intl
lib lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW 2022-09-28 19:13:18 +00:00
libads s3:libads: Check if we have a valid sockaddr 2022-07-11 11:33:49 +00:00
libgpo/gpext
libnet s3:libnet: Do not set ADS_AUTH_ALLOW_NTLMSSP in FIPS mode 2022-01-22 00:27:52 +00:00
librpc smbXsrv_client: notify a different node to drop a connection by client guid. 2022-10-18 08:34:17 +00:00
libsmb s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file. 2022-10-31 15:31:53 +00:00
locale pam_winbind/ro.po: fix error from previous patch merge 2020-10-29 20:49:16 +00:00
locking s3: smbd: Move implicit call to lp_posix_cifsu_locktype() out of init_strict_lock_struct(). 2022-01-06 15:11:38 +00:00
modules vfs_fruit: add missing calls to tevent_req_received() 2022-10-18 09:41:37 +00:00
nmbd source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
param s3/param: Check return of talloc_strdup 2022-10-19 08:39:17 +00:00
passdb CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message 2022-07-24 09:20:21 +02:00
printing s3:printing: Do not clear the printer-list.tdb 2022-07-11 10:27:17 +00:00
profile profile3: remove an unused include 2022-01-18 20:22:38 +00:00
registry CVE-2020-25717: Add FreeIPA domain controller role 2021-11-09 19:45:33 +00:00
rpc_client s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name() 2022-03-16 13:41:14 +00:00
rpc_server s3:rpc_server: Fix include directive substitution when enumerating shares 2022-11-23 12:43:15 +00:00
rpcclient s3/rpcclient: Duplicate string returned from poptGetArg 2022-10-19 08:39:17 +00:00
script s3:tests: Add substitution test for listing shares 2022-11-23 12:43:15 +00:00
selftest smbtorture: add a test trying to create a stream on share without streams support 2022-09-06 07:54:14 +00:00
services s3:services: Disable rcinit-based service control code 2021-12-10 14:02:30 +00:00
smbd smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories 2022-12-05 11:03:30 +00:00
torture smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL() 2022-09-06 07:54:13 +00:00
utils s3:utils: Fix stack smashing in net offlinejoin 2022-12-06 12:02:00 +00:00
web
winbindd s3:winbind: Use the canonical realm name to renew the credentials 2022-07-18 09:40:12 +00:00
.clang_complete
.dmallocrc
.indent.pro
Doxyfile
mainpage.dox
smbadduser.in
wscript Revert "s3:smbd: Remove NIS support" 2022-06-12 09:19:16 +00:00
wscript_build s3:waf: Fix version number of public libsmbconf 2022-06-27 08:25:10 +00:00
wscript_configure_system_ncurses