[SCM] Samba Shared Repository - branch v3-5-test updated

Jeremy Allison Wed, 14 Oct 2009 11:30:37 -0700

The branch, v3-5-test has been updated
       via  4c8175c... Final part of fix for bug 6793 - winbindd crash with 
"INTERNAL ERROR: Signal 6" Don't use mapped_user uninitialized. Jeremy.
       via  a3713a5... s3:winbind: Fix a double-free
       via  12cabf9... s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth
      from  a94f0a5... s3: Fix reference to freed memory in pam_winbind.


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 4c8175c1ce2696a3834dc7a8d56e9f3a786c33a4
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Oct 14 11:11:26 2009 -0700

    Final part of fix for bug 6793 - winbindd crash with "INTERNAL ERROR: 
Signal 6"
    Don't use mapped_user uninitialized.
    Jeremy.

commit a3713a55ab5f5c75ae042a0ba1c97424bea3abf7
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Oct 13 20:56:28 2009 +0200

    s3:winbind: Fix a double-free
    
    Part of a fix for bug #6793.

commit 12cabf9ae8772bfc83b571f918bd8c74d62e1564
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Oct 14 11:14:57 2009 -0700

    s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/idmap_adex/provider_unified.c |    1 -
 source3/winbindd/winbindd_pam.c                |   15 ++++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/idmap_adex/provider_unified.c 
b/source3/winbindd/idmap_adex/provider_unified.c
index b6652f4..af33405 100644
--- a/source3/winbindd/idmap_adex/provider_unified.c
+++ b/source3/winbindd/idmap_adex/provider_unified.c
@@ -440,7 +440,6 @@ done:
        }
 
        talloc_destroy(frame);
-       TALLOC_FREE(entry_dn);
 
        return nt_status;
 }
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 178b3ea..ddf8c46 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -797,8 +797,8 @@ NTSTATUS append_auth_data(struct winbindd_cli_state *state,
 void winbindd_pam_auth(struct winbindd_cli_state *state)
 {
        struct winbindd_domain *domain;
-       fstring name_domain, name_user;
-       char *mapped_user = NULL;
+       fstring name_domain, name_user, mapped_user;
+       char *mapped = NULL;
        NTSTATUS result;
        NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
 
@@ -822,15 +822,16 @@ void winbindd_pam_auth(struct winbindd_cli_state *state)
 
        name_map_status = normalize_name_unmap(state->mem_ctx,
                                               state->request->data.auth.user,
-                                              &mapped_user);
+                                              &mapped);
 
        /* If the name normalization didnt' actually do anything,
           just use the original name */
 
-       if (!NT_STATUS_IS_OK(name_map_status) &&
-           !NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED))
-       {
-               mapped_user = state->request->data.auth.user;
+       if (NT_STATUS_IS_OK(name_map_status)
+           ||NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) {
+               fstrcpy(mapped_user, mapped);
+       } else {
+               fstrcpy(mapped_user, state->request.data.auth.user);
        }
 
        if (!canonicalize_username(mapped_user, name_domain, name_user)) {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

Reply via email to