0503e0df3b
popt1.19 fixes a leak that exposes a use after free; make sure we duplicate the return value of poptGetArg if poptFreeContext is called before we use it. ==4407== Invalid read of size 1 ==4407== at 0x146263: main (rpcclient.c:1262) ==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd ==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x146227: main (rpcclient.c:1251) ==4407== Block was alloc'd at ==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x1461BC: main (rpcclient.c:1219) ==4407== ==4407== Invalid read of size 1 ==4407== at 0x14627D: main (rpcclient.c:1263) ==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd ==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x146227: main (rpcclient.c:1251) ==4407== Block was alloc'd at ==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x1461BC: main (rpcclient.c:1219) ==4407== ==4407== Invalid read of size 1 ==4407== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470) ==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320) ==4407== by 0x1462B1: main (rpcclient.c:1267) ==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd ==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B2E8B8: poptResetContext (in 
/usr/lib64/libpopt.so.0.0.2) ==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x146227: main (rpcclient.c:1251) ==4407== Block was alloc'd at ==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x1461BC: main (rpcclient.c:1219) ==4407== ==4407== Invalid read of size 1 ==4407== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470) ==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320) ==4407== by 0x1462B1: main (rpcclient.c:1267) ==4407== Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd ==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x146227: main (rpcclient.c:1251) ==4407== Block was alloc'd at ==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x1461BC: main (rpcclient.c:1219) ==4407== ==4407== Invalid read of size 8 ==4407== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457) ==4407== by 0x4980E32: talloc_strdup (talloc.c:2470) ==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320) ==4407== by 0x1462B1: main (rpcclient.c:1267) ==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd ==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x146227: main (rpcclient.c:1251) ==4407== Block was alloc'd at 
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x1461BC: main (rpcclient.c:1219) ==4407== ==4407== Invalid read of size 1 ==4407== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457) ==4407== by 0x4980E32: talloc_strdup (talloc.c:2470) ==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320) ==4407== by 0x1462B1: main (rpcclient.c:1267) ==4407== Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd ==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x146227: main (rpcclient.c:1251) ==4407== Block was alloc'd at ==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2) ==4407== by 0x1461BC: main (rpcclient.c:1219) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit d26d3d9bff61f796c9c9ab54990ea078f575ab1e)