sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-12 20:58:37 +03:00
Code
samba-mirror/source3
History
Shachar Sharon f7dc86c173 s3:smbd: fix NULL dereference in case of readlink failure 
When VFS readlinkat hook returns with error the following sequence
yields NULL-pointer dereference (SIGSEGV):

  symlink_target_below_conn (source3/smbd/open.c)
    char *target = NULL;
    ...
    readlink_talloc (source3/smbd/files.c)
      SMB_VFS_READLINKAT
        smb_vfs_call_readlinkat (source3/smbd/vfs.c)
          handle->fns->readlinkat_fn --> returns error

  status = safe_symlink_target_path(.., target /* NULL */ ..)
    safe_symlink_target_path (source3/smbd/filename.c)
      if (target[0] == '/') { /* NULL pointer dereference */

A failure in VFS module's readlinkat hook may happen due to run-time
error (e.g., network failure which cases libcephfs to disconnect from
MDS).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224

(cherry picked from commit 168966a053045476a84044aa73f66722eb702fe0)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Aug 26 15:45:20 UTC 2024 on atb-devel-224
2024-08-26 15:45:20 +00:00
..
auth
Revert "token_util.c: prefer capabilities over become_root"
2024-03-27 16:51:00 +00:00
build
client
s3/libsmb: reuse smbXcli_conn_have_posix()
2023-10-26 15:29:29 +00:00
exports
groupdb
s3:groupdb: Add missing newline to logging message
2023-08-08 04:39:38 +00:00
include
s3:include: split out fstring.h
2024-05-30 09:47:15 +00:00
intl
lib
s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
2024-06-10 13:24:16 +00:00
libads
s3:libads: Do not fail if we don't get an IP passed down
2024-06-05 13:55:28 +00:00
libgpo/gpext
libnet
s3:libnet: Remove always‐false comparison (CID 241309)
2023-10-13 02:18:31 +00:00
librpc
s3:crypto/gse: implement channel binding support
2024-07-09 09:54:15 +00:00
libsmb
s3:libsmb:nmblib: use NUMERIC_CMP in status_compare
2024-06-10 13:24:16 +00:00
locale
s3:utils: Fix code spelling
2023-08-08 04:39:38 +00:00
locking
s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare
2024-06-10 13:24:16 +00:00
modules
vfs_ceph{_new}: do not set errno upon successful call to libcephfs
2024-08-22 10:34:46 +00:00
nmbd
s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of nb_packet_{server_create,reader_send}()
2024-05-30 09:47:16 +00:00
param
s3:param: Remove unnecessary use of discard_const_p()
2023-12-21 20:21:34 +00:00
passdb
s3:passdb: Fix memory leak caused by recursion of get_global_sam_sid()
2024-01-23 14:30:58 +00:00
printing
s3:printing: Allow to run samba-bgqd as a standalone systemd service
2024-07-23 08:56:24 +00:00
profile
profile: Fix rusage reporting
2023-12-19 16:05:36 +00:00
registry
libcli/security: Rename dup_nt_token() -> security_token_duplicate()
2023-09-26 23:45:36 +00:00
rpc_client
s3/rpc_client: Fix array offset check
2024-02-26 10:37:37 +00:00
rpc_server
s3:rpc_server/mdssvc: make use of tstream_tls_params_client_lpcfg()
2024-07-09 09:54:15 +00:00
rpcclient
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c
2023-11-21 11:16:37 +00:00
script
test_recycle.sh: make sure we don't see panics on the log files
2024-06-19 13:00:11 +00:00
selftest
s3/torture: Add test for widelink case insensitivity on a MSDFS share.
2024-06-12 09:20:11 +00:00
services
s3:services: Disable rcinit-based service control code
2021-12-10 14:02:30 +00:00
smbd
s3:smbd: fix NULL dereference in case of readlink failure
2024-08-26 15:45:20 +00:00
torture
smbd: Give source3/smbd/dir.c its own header file
2023-12-19 16:05:36 +00:00
utils
s3:ntlm_auth: make logs more consistent with length check
2024-08-14 16:10:42 +00:00
web
winbindd
s3:winbind: Fix idmap_ad creating an invalid local krb5.conf
2024-06-05 15:01:54 +00:00
.clang_complete
.dmallocrc
.indent.pro
Doxyfile
mainpage.dox
smbadduser.in
wscript
vfs_ceph_new: next iteration of samba-to-cephfs bridge
2024-08-20 11:36:13 +00:00
wscript_build
s3:wscript: LIBNMB requires lp_ functions
2024-05-30 09:47:16 +00:00
wscript_configure_system_ncurses