mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
samba-mirror/source3
Noel Power 43ea097461 s3:libsmb: Fix illegal memory access after memory has been deleted.
smbtorture with the libsmbclient test suite produces the following valgrind
trace

==31432== Invalid read of size 8
==31432==    at 0x99B8858: smbc_free_context (libsmb_context.c:260)
==31432==    by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432==    by 0x9553F42: wrap_simple_test (torture.c:632)
==31432==    by 0x955366F: internal_torture_run_test (torture.c:442)
==31432==    by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432==    by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432==    by 0x95531D7: torture_run_suite (torture.c:339)
==31432==    by 0x25FEFF: run_matching (smbtorture.c:93)
==31432==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==31432==    by 0x261E14: main (smbtorture.c:665)
==31432==  Address 0x18864a70 is 80 bytes inside a block of size 96 free'd
==31432==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31432==    by 0x99BCC46: SMBC_closedir_ctx (libsmb_dir.c:922)
==31432==    by 0x99C06CA: SMBC_close_ctx (libsmb_file.c:370)
==31432==    by 0x99B8853: smbc_free_context (libsmb_context.c:259)
==31432==    by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432==    by 0x9553F42: wrap_simple_test (torture.c:632)
==31432==    by 0x955366F: internal_torture_run_test (torture.c:442)
==31432==    by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432==    by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432==    by 0x95531D7: torture_run_suite (torture.c:339)
==31432==    by 0x25FEFF: run_matching (smbtorture.c:93)
==31432==    by 0x260195: torture_run_named_tests (smbtorture.c:143)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11836

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 14 13:24:10 CEST 2016 on sn-devel-144
2016-04-14 13:24:10 +02:00
auth CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT 2016-04-12 19:25:26 +02:00
build waf: improve iconv checks 2014-01-03 05:04:44 +01:00
client CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames. 2016-03-10 06:52:23 +01:00
exports
groupdb Convert all uses of uint32/16/8 to _t in source3/groupdb. 2015-05-14 19:29:19 +02:00
include CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol() 2016-04-12 19:25:26 +02:00
intl lang_tdb: don't leak lock_path or data_path onto talloc tos 2014-11-03 23:46:05 +01:00
lib CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT 2016-04-12 19:25:26 +02:00
libads s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5 2016-04-12 23:02:56 +02:00
libgpo gpo: don't leak cache_path onto talloc tos 2014-10-06 19:18:05 +02:00
libnet CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT 2016-04-12 19:25:26 +02:00
librpc CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth() 2016-04-12 19:25:32 +02:00
libsmb s3:libsmb: Fix illegal memory access after memory has been deleted. 2016-04-14 13:24:10 +02:00
locale s3: fix encryption help messages 2015-12-22 02:22:50 +01:00
locking s3:smbd: convert file_struct.posix_open to a bitmap with flags 2015-12-01 20:45:20 +01:00
modules vfs_catia: Fix bug 11827, memleak 2016-04-11 14:25:59 +02:00
nmbd dlist: remove unneeded type argument from DLIST_ADD_END() 2016-02-06 21:48:17 +01:00
param CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no" 2016-04-12 19:25:28 +02:00
passdb build: mark explicit dependencies on pytalloc-util 2016-03-15 07:08:16 +01:00
printing s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname(). 2016-03-24 22:57:16 +01:00
profile s3-profile: reduce dependencies of smbprofile.h 2016-03-28 20:45:16 +02:00
registry s3:registry: use dbwrap_purge_bystring instead of dbwrap_delete_bystring 2016-03-01 21:50:24 +01:00
rpc_client CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors 2016-04-12 19:25:32 +02:00
rpc_server CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context} 2016-04-12 19:25:32 +02:00
rpcclient CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY 2016-04-12 19:25:27 +02:00
script seltest: add test for "ignore system acls" in vfs_acl_xattr. 2016-03-24 03:06:16 +01:00
selftest seltest: add test for "ignore system acls" in vfs_acl_xattr. 2016-03-24 03:06:16 +01:00
services Convert all uint32/16/8 to _t in a couple of include files. 2015-05-12 04:22:55 +02:00
smbd CVE-2016-2114: s3:smbd: enforce "server signing = mandatory" 2016-04-12 19:25:26 +02:00
stf
torture winbind: Remove unused idmap_backends_unixid_to_sid 2016-03-30 17:58:48 +02:00
utils CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT 2016-04-12 19:25:26 +02:00
web
winbindd CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing() 2016-04-12 19:25:26 +02:00
.clang_complete lib: Remove tdb_compat 2015-03-17 11:30:52 +01:00
.dmallocrc
.indent.pro
change-log
Doxyfile
mainpage.dox
smbadduser.in
wscript configure: Don't check for inotify on illumos 2016-04-06 00:15:17 +02:00
wscript_build s3:wscript: pylibsmb depends on pycredentials 2016-03-15 22:13:23 +01:00
wscript_configure_system_ncurses Transition to waf 1.8: wrapped conf.check_cfg 2015-03-16 03:00:07 +01:00