1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/smbd
Jeremy Allison d1bc0d0b51 s3/smbd: Use after free when iterating smbd_server_connection->connections
Change conn_free() to just use a destructor. We now
catch any other places where we may have forgetten to
call conn_free() - it's implicit on talloc_free(conn).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Based on code from Noel Power <noel.power@suse.com>.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Aug 17 09:54:06 UTC 2022 on sn-devel-184

(cherry picked from commit f92bacbe21)
2022-08-23 07:45:16 +00:00
..
notifyd lib;smbd: Fix the -Os build by initializing variables 2021-08-06 17:22:30 +00:00
aio.c s3: smbd: Move implicit call to lp_posix_cifsu_locktype() out of init_strict_lock_struct(). 2022-01-06 15:11:38 +00:00
avahi_register.c
blocking.c s3: smbd: Remove lock_flav argument from smbd_smb1_brl_finish_by_lock(). 2022-01-06 15:11:38 +00:00
close.c smbd: Introduce close_file_smb() 2022-02-14 17:46:14 +00:00
conn_idle.c s3:rpc_server: Activate samba-dcerpcd 2021-12-10 14:02:30 +00:00
conn_msg.c smbd: Add close-denied-share message 2020-01-15 21:25:35 +00:00
conn.c s3/smbd: Use after free when iterating smbd_server_connection->connections 2022-08-23 07:45:16 +00:00
connection.c
dfree.c smbd: Save a few lines with str_list_add_printf() 2022-01-18 20:22:38 +00:00
dir.c s3: smbd: Don't allow setting the delete on close bit on a directory if it contains non-visible files and "delete veto files = no". 2022-03-24 11:55:43 +00:00
dmapi.c
dnsregister.c
dosmode.c s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME. 2022-04-11 07:49:13 +00:00
durable.c s3: smbd: Allow a durable handle on a leased stat-open. 2022-05-09 08:18:05 +00:00
error.c
fake_file.c smbd: Move the call to file_free() out of close_fake_file() 2022-02-14 17:46:14 +00:00
fd_handle.c smbd: Assert we don't leak fd's in struct fd_handle 2021-12-30 11:54:17 +00:00
fd_handle.h smbd: add fd_handle.[c|h] 2020-12-16 09:08:30 +00:00
file_access.c s3: smbd: smbd_check_access_rights_fsp(). Add dirfsp parameter. 2021-06-09 13:14:31 +00:00
fileio.c smbd: use fdos_mode() in mark_file_modified() 2020-12-16 09:08:31 +00:00
filename.c smbd: Fix a use-after-free 2022-03-02 10:26:30 +00:00
files.c s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. 2022-04-11 07:49:13 +00:00
globals.c smbd: let smbd_request_guid() use smb1req->xconn->channel_id 2021-03-06 02:20:05 +00:00
globals.h s3: smbd: Remove now redundent lock_flav parameter from smbd_do_unlocking(). 2022-01-06 16:03:28 +00:00
ipc.c libsmb: Remove "trans_oob()" macro 2021-11-11 19:08:37 +00:00
lanman.c source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
mangle_hash2.c mangle_hash2: remove LOCK$ from list of reserved names 2021-08-24 19:26:59 +00:00
mangle_hash.c smbd: Move fast_string_hash() to mangle_hash.c, the only user 2022-01-05 00:11:37 +00:00
mangle.c
message.c source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
msdfs.c s3: smbd: parse_dfs_path() can ignore wildcards. 2021-12-11 07:17:29 +00:00
negprot.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
notify_fam.c
notify_inotify.c smbd: Align two integer types 2020-11-04 18:55:39 +00:00
notify_msg.c notifyd: Factor out notify_walk() into its own file 2020-10-24 05:57:31 +00:00
notify.c s3: smbd: smbd_check_access_rights_fsp(). Add dirfsp parameter. 2021-06-09 13:14:31 +00:00
ntquotas.c smbd: add twrp arg to synthetic_smb_fname() 2020-05-05 19:18:40 +00:00
nttrans.c smbd: NULL out "fsp" in close_file() 2022-02-14 17:46:14 +00:00
open.c s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values 2022-08-23 07:45:16 +00:00
oplock_linux.c lib;smbd: Fix the -Os build by initializing variables 2021-08-06 17:22:30 +00:00
oplock.c s3:smbd: only clear LEASE_READ if there's no read lease is left 2022-08-23 07:45:16 +00:00
password.c smbd: RIP user_struct 2020-01-13 21:09:01 +00:00
perfcount.c
pipes.c smbd: Make SID_SAMBA_SMB3 a static SID 2021-10-08 19:28:31 +00:00
posix_acls.c s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code. 2021-07-13 08:11:36 +00:00
process.c s3:rpc_server: Activate samba-dcerpcd 2021-12-10 14:02:30 +00:00
proto.h smbd: Introduce close_file_smb() 2022-02-14 17:46:14 +00:00
pysmbd.c s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. 2022-04-11 07:49:13 +00:00
quotas.c
reply.c CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro. 2022-07-24 09:29:26 +02:00
scavenger.c smbd: Give smbXsrv_open.c its own header file 2021-11-11 19:08:37 +00:00
scavenger.h
seal.c
sec_ctx.c sec_ctx.c: Fix -Wunused-function warning on macOS 2021-10-13 01:42:35 +00:00
server_exit.c s3:rpc_server: Activate samba-dcerpcd 2021-12-10 14:02:30 +00:00
server_reload.c smbd: check lp_load_printers before reload via NetShareEnum 2021-11-08 13:27:40 +00:00
server.c s3:smbd: handle --build-options without parsing smb.conf 2022-01-17 12:23:33 +00:00
service.c source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
session.c
sesssetup.c source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
share_access.c Revert "s3:smbd: Remove NIS support" 2022-06-12 09:19:16 +00:00
signing.c
smb1_utils.c smbd: add need_fsa arg and logic to file_find_di_(first|next) 2020-12-16 09:08:31 +00:00
smb1_utils.h lib: Move send_keepalive() to smbd/smb1_utils.c 2020-08-17 19:35:37 +00:00
smb2_break.c s3:smbd: pass down smbXsrv_client to smbd_smb2_send_{oplock,lease}_break() 2020-07-08 15:54:40 +00:00
smb2_close.c smbd: NULL out "fsp" in close_file() 2022-02-14 17:46:14 +00:00
smb2_create.c smbd: NULL out "fsp" in close_file() 2022-02-14 17:46:14 +00:00
smb2_flush.c smbd: use fsp_get_io_fd() when accessing a file or it's associated metadata 2020-12-16 09:08:30 +00:00
smb2_getinfo.c s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. 2022-04-11 07:49:13 +00:00
smb2_glue.c s3:smbd: implement FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT 2020-07-08 15:54:40 +00:00
smb2_ioctl_dfs.c
smb2_ioctl_filesys.c s3: smbd: Move implicit call to lp_posix_cifsu_locktype() out of init_strict_lock_struct(). 2022-01-06 15:11:38 +00:00
smb2_ioctl_named_pipe.c
smb2_ioctl_network_fs.c vfs: Add flags and xferlen args to SMB_VFS_OFFLOAD_READ_RECV 2021-10-08 19:28:32 +00:00
smb2_ioctl_private.h s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file. 2021-08-11 19:16:29 +00:00
smb2_ioctl_smbtorture.c s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. 2021-08-11 19:16:29 +00:00
smb2_ioctl.c smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done() 2021-12-01 11:04:29 +00:00
smb2_keepalive.c
smb2_lock.c s3: smbd: Remove now redundent lock_flav parameter from smbd_do_unlocking(). 2022-01-06 16:03:28 +00:00
smb2_negprot.c libcli/smb: actually make use of "client/server smb3 signing algorithms" 2021-07-15 00:06:31 +00:00
smb2_notify.c smbd: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR 2020-06-22 12:07:38 +00:00
smb2_query_directory.c s3: smbd: Use a helper variable in smbd_smb2_query_directory_send(). 2021-11-16 20:21:37 +00:00
smb2_read.c s3: smbd: Move implicit call to lp_posix_cifsu_locktype() out of init_strict_lock_struct(). 2022-01-06 15:11:38 +00:00
smb2_server.c smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO 2021-12-01 11:51:50 +00:00
smb2_sesssetup.c source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
smb2_setinfo.c s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. 2022-04-11 07:49:13 +00:00
smb2_tcon.c smb2_tcon: also try to cancel pending compound requests on tdis 2021-03-29 20:43:28 +00:00
smb2_write.c s3: smbd: Move implicit call to lp_posix_cifsu_locktype() out of init_strict_lock_struct(). 2022-01-06 15:11:38 +00:00
smbd_cleanupd.c
smbd_cleanupd.h
smbd.h s3: smbd: UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x00000002 is no longer used. 2021-12-11 07:17:29 +00:00
smbXsrv_client.c smbXsrv_client: move the connection passing to smb2srv_client_mc_negprot_send/recv 2021-03-06 03:30:06 +00:00
smbXsrv_open.c smbd: Give smbXsrv_open.c its own header file 2021-11-11 19:08:37 +00:00
smbXsrv_open.h smbd: Give smbXsrv_open.c its own header file 2021-11-11 19:08:37 +00:00
smbXsrv_session.c s3:smbd: make sure smbXsrv_session_update() doesn't segfault with table == NULL 2021-07-15 00:06:31 +00:00
smbXsrv_tcon.c s3/smbd: Use after free when iterating smbd_server_connection->connections 2022-08-23 07:45:16 +00:00
smbXsrv_version.c
srvstr.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
statcache.c smbd: Move fast_string_hash() to mangle_hash.c, the only user 2022-01-05 00:11:37 +00:00
statvfs.c
trans2.c s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. 2022-04-11 07:49:13 +00:00
uid.c source3: move lib/substitute.c functions out of proto.h 2021-11-11 13:49:32 +00:00
utmp.c
vfs.c CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks. 2022-01-31 14:26:10 +00:00