The branch, master has been updated via 8cc41b0 lanman: don't leak cache_path onto talloc tos via 3c85465 samlogon_cache: don't leak cache_path onto talloc tos via 21ed805 nmbd: don't leak cache_path onto talloc tos via 58b18e2 printing: don't leak cache_path onto talloc tos via 3c592ea gpo: don't leak cache_path onto talloc tos via e8ee9bb gencache: don't leak cache_path onto talloc tos via e4c27cb Add a status code for VHD support gleaned from some Win8.1 stuff. via 3450347 Add a definition of the NETWORK_RESILIENCY_REQUEST so I can write a torture test for it. from 92ca4f5 winbindd: Do not overwrite domain list with conflicting info from a trusted domain
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 8cc41b027769b659d1b1503f0fd33ca7d3c3eb9b Author: David Disseldorp <dd...@samba.org> Date: Mon Oct 6 18:21:18 2014 +0200 lanman: don't leak cache_path onto talloc tos Also check for allocation failures. Reported-by: Franz Pförtsch <franz.pfoert...@brose.com> Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Mon Oct 6 21:41:22 CEST 2014 on sn-devel-104 commit 3c854657531ac73ce5e3148e35844e3c8130fe37 Author: David Disseldorp <dd...@samba.org> Date: Mon Oct 6 18:21:17 2014 +0200 samlogon_cache: don't leak cache_path onto talloc tos Also check for allocation failures. Reported-by: Franz Pförtsch <franz.pfoert...@brose.com> Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 21ed8058d2e295e93c9df8e954de28478a060e94 Author: David Disseldorp <dd...@samba.org> Date: Mon Oct 6 18:21:16 2014 +0200 nmbd: don't leak cache_path onto talloc tos Reported-by: Franz Pförtsch <franz.pfoert...@brose.com> Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 58b18e23e9de221e80fe978366ef05b65312919b Author: David Disseldorp <dd...@samba.org> Date: Mon Oct 6 18:21:15 2014 +0200 printing: don't leak cache_path onto talloc tos Also check for allocation failures. Reported-by: Franz Pförtsch <franz.pfoert...@brose.com> Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 3c592eaac6db32843cde480226424e71312a853f Author: David Disseldorp <dd...@samba.org> Date: Mon Oct 6 18:21:14 2014 +0200 gpo: don't leak cache_path onto talloc tos Also check for allocation failures. Reported-by: Franz Pförtsch <franz.pfoert...@brose.com> Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit e8ee9bb66e765433e94f03d46ccb66459bb5fc3f Author: David Disseldorp <dd...@samba.org> Date: Mon Oct 6 18:21:13 2014 +0200 gencache: don't leak cache_path onto talloc tos Also check for allocation failures. Reported-by: Franz Pförtsch <franz.pfoert...@brose.com> Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit e4c27cb4bb7e2caa0296c79746d0eff8d34036fa Author: Richard Sharpe <realrichardsha...@gmail.com> Date: Sat Oct 4 12:06:10 2014 -0700 Add a status code for VHD support gleaned from some Win8.1 stuff. Signed-off-by: Richard Sharpe (rsha...@samba.org) Reviewed-by: Jeremy Allison <j...@samba.org> commit 3450347c8e7b0d725d58397161b2a9a16de99872 Author: Richard Sharpe <realrichardsha...@gmail.com> Date: Sat Oct 4 19:05:03 2014 -0700 Add a definition of the NETWORK_RESILIENCY_REQUEST so I can write a torture test for it. Signed-off-by: Richard Sharpe <rsha...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: libcli/util/ntstatus.h | 1 + librpc/idl/ioctl.idl | 9 +++++++++ source3/lib/gencache.c | 11 +++++++++++ source3/libgpo/gpext/registry.c | 20 +++++++++++++++----- source3/libgpo/gpext/scripts.c | 24 +++++++++++++++++------- source3/libgpo/gpext/security.c | 7 ++++++- source3/libsmb/samlogon_cache.c | 7 ++++++- source3/nmbd/nmbd_serverlistdb.c | 7 +++++++ source3/printing/printing.c | 15 +++++++++++++-- source3/printing/printing_db.c | 15 ++++++++++++--- source3/smbd/lanman.c | 11 +++++++++-- source3/utils/net_ads_gpo.c | 16 ++++++++++++---- 12 files changed, 118 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/util/ntstatus.h b/libcli/util/ntstatus.h index bb19234..325930f 100644 --- a/libcli/util/ntstatus.h +++ b/libcli/util/ntstatus.h @@ -1891,6 +1891,7 @@ typedef uint32_t NTSTATUS; #define NT_STATUS_VHD_CHILD_PARENT_SIZE_MISMATCH NT_STATUS(0xC03A0017) #define NT_STATUS_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED NT_STATUS(0xC03A0018) #define NT_STATUS_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT NT_STATUS(0xC03A0019) +#define NT_STATUS_VHD_SHARED NT_STATUS(0xC05CFF0A) /* I use NT_STATUS_FOOBAR when I have no idea what error code to use - * this means we need a torture test */ diff --git a/librpc/idl/ioctl.idl b/librpc/idl/ioctl.idl index 8248092..7760644 100644 --- a/librpc/idl/ioctl.idl +++ b/librpc/idl/ioctl.idl @@ -179,3 +179,12 @@ interface sparse file_zero_data_info info; } fsctl_set_zero_data_req; } + +interface resiliency +{ + /* 2.2.31.3 NETWORK_RESILIENCY_REQUEST */ + typedef [public] struct { + uint32 timeout; + uint32 reserved; + } network_resiliency_request; +} diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c index 3e67d9e..3192b45 100644 --- a/source3/lib/gencache.c +++ b/source3/lib/gencache.c @@ -65,6 +65,9 @@ static bool gencache_init(void) if (cache) return True; cache_fname = cache_path("gencache.tdb"); + if (cache_fname == NULL) { + return false; + } DEBUG(5, ("Opening cache file at %s\n", cache_fname)); @@ -101,6 +104,7 @@ static bool gencache_init(void) DEBUG(5, ("gencache_init: Opening cache file %s read-only.\n", cache_fname)); } } + TALLOC_FREE(cache_fname); if (!cache) { DEBUG(5, ("Attempt to open gencache.tdb has failed.\n")); @@ -108,6 +112,11 @@ static bool gencache_init(void) } cache_fname = lock_path("gencache_notrans.tdb"); + if (cache_fname == NULL) { + tdb_close(cache); + cache = NULL; + return false; + } DEBUG(5, ("Opening cache file at %s\n", cache_fname)); @@ -120,10 +129,12 @@ static bool gencache_init(void) if (cache_notrans == NULL) { DEBUG(5, ("Opening %s failed: %s\n", cache_fname, strerror(errno))); + TALLOC_FREE(cache_fname); tdb_close(cache); cache = NULL; return false; } + TALLOC_FREE(cache_fname); return True; } diff --git a/source3/libgpo/gpext/registry.c b/source3/libgpo/gpext/registry.c index b51bc30..a24485c 100644 --- a/source3/libgpo/gpext/registry.c +++ b/source3/libgpo/gpext/registry.c @@ -287,6 +287,10 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx, size_t num_entries = 0; char *unix_path = NULL; const struct GROUP_POLICY_OBJECT *gpo; + char *gpo_cache_path = cache_path(GPO_CACHE_DIR); + if (gpo_cache_path == NULL) { + return NT_STATUS_NO_MEMORY; + } /* implementation of the policy callback function, see * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx @@ -304,9 +308,11 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx, gpext_debug_header(0, "registry_process_group_policy", flags, gpo, GP_EXT_GUID_REGISTRY, NULL); - status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), + status = gpo_get_unix_path(mem_ctx, gpo_cache_path, gpo, &unix_path); - NT_STATUS_NOT_OK_RETURN(status); + if (!NT_STATUS_IS_OK(status)) { + goto err_cache_path_free; + } status = reg_parse_registry(mem_ctx, flags, @@ -316,7 +322,7 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("failed to parse registry: %s\n", nt_errstr(status))); - return status; + goto err_cache_path_free; } dump_reg_entries(flags, "READ", entries, num_entries); @@ -326,11 +332,15 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx, if (!W_ERROR_IS_OK(werr)) { DEBUG(0,("failed to apply registry: %s\n", win_errstr(werr))); - return werror_to_ntstatus(werr); + status = werror_to_ntstatus(werr); + goto err_cache_path_free; } } + status = NT_STATUS_OK; - return NT_STATUS_OK; +err_cache_path_free: + talloc_free(gpo_cache_path); + return status; } /**************************************************************** diff --git a/source3/libgpo/gpext/scripts.c b/source3/libgpo/gpext/scripts.c index e2841c0..da6f5cc 100644 --- a/source3/libgpo/gpext/scripts.c +++ b/source3/libgpo/gpext/scripts.c @@ -357,6 +357,10 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx, GP_SCRIPTS_INI_LOGOFF }; const struct GROUP_POLICY_OBJECT *gpo; + char *gpo_cache_path = cache_path(GPO_CACHE_DIR); + if (gpo_cache_path == NULL) { + return NT_STATUS_NO_MEMORY; + } /* implementation of the policy callback function, see * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx @@ -374,13 +378,17 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx, gpext_debug_header(0, "scripts_process_group_policy", flags, gpo, GP_EXT_GUID_SCRIPTS, NULL); - status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), + status = gpo_get_unix_path(mem_ctx, gpo_cache_path, gpo, &unix_path); - NT_STATUS_NOT_OK_RETURN(status); + if (!NT_STATUS_IS_OK(status)) { + goto err_cache_path_free; + } status = gp_inifile_init_context(mem_ctx, flags, unix_path, GP_SCRIPTS_INI, &ini_ctx); - NT_STATUS_NOT_OK_RETURN(status); + if (!NT_STATUS_IS_OK(status)) { + goto err_cache_path_free; + } for (i = 0; i < ARRAY_SIZE(list); i++) { @@ -394,7 +402,8 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx, } if (!NT_STATUS_IS_OK(status)) { - return status; + TALLOC_FREE(ini_ctx); + goto err_cache_path_free; } dump_reg_entries(flags, "READ", entries, num_entries); @@ -403,15 +412,16 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx, flags, list[i], gpo, entries, num_entries); if (!W_ERROR_IS_OK(werr)) { continue; /* FIXME: finally fix storing emtpy strings and REG_QWORD! */ - TALLOC_FREE(ini_ctx); - return werror_to_ntstatus(werr); } } TALLOC_FREE(ini_ctx); } + status = NT_STATUS_OK; - return NT_STATUS_OK; +err_cache_path_free: + talloc_free(gpo_cache_path); + return status; } /**************************************************************** diff --git a/source3/libgpo/gpext/security.c b/source3/libgpo/gpext/security.c index 5360222..2f46184 100644 --- a/source3/libgpo/gpext/security.c +++ b/source3/libgpo/gpext/security.c @@ -152,6 +152,10 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx, char *unix_path = NULL; struct gp_inifile_context *ini_ctx = NULL; const struct GROUP_POLICY_OBJECT *gpo; + char *gpo_cache_path = cache_path(GPO_CACHE_DIR); + if (gpo_cache_path == NULL) { + return NT_STATUS_NO_MEMORY; + } /* implementation of the policy callback function, see * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx @@ -172,7 +176,7 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx, /* this handler processes the gpttmpl files and merge output to the * registry */ - status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR), + status = gpo_get_unix_path(mem_ctx, gpo_cache_path, gpo, &unix_path); if (!NT_STATUS_IS_OK(status)) { goto out; @@ -198,6 +202,7 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx, nt_errstr(status))); } TALLOC_FREE(ini_ctx); + talloc_free(gpo_cache_path); return status; } diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c index 0a157d4..1f1ab1d 100644 --- a/source3/libsmb/samlogon_cache.c +++ b/source3/libsmb/samlogon_cache.c @@ -38,7 +38,7 @@ static TDB_CONTEXT *netsamlogon_tdb = NULL; bool netsamlogon_cache_init(void) { bool first_try = true; - const char *path = NULL; + char *path = NULL; int ret; struct tdb_context *tdb; @@ -47,6 +47,9 @@ bool netsamlogon_cache_init(void) } path = cache_path(NETSAMLOGON_TDB); + if (path == NULL) { + return false; + } again: tdb = tdb_open_log(path, 0, TDB_DEFAULT|TDB_INCOMPATIBLE_HASH, O_RDWR | O_CREAT, 0600); @@ -63,10 +66,12 @@ again: } netsamlogon_tdb = tdb; + talloc_free(path); return true; clear: if (!first_try) { + talloc_free(path); return false; } first_try = false; diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c index f697f05..56f400f 100644 --- a/source3/nmbd/nmbd_serverlistdb.c +++ b/source3/nmbd/nmbd_serverlistdb.c @@ -311,6 +311,7 @@ void write_browse_list(time_t t, bool force_write) fnamenew = talloc_asprintf(ctx, "%s.", fname); if (!fnamenew) { + talloc_free(fname); return; } @@ -319,6 +320,8 @@ void write_browse_list(time_t t, bool force_write) if (!fp) { DEBUG(0,("write_browse_list: Can't open file %s. Error was %s\n", fnamenew,strerror(errno))); + talloc_free(fnamenew); + talloc_free(fname); return; } @@ -331,6 +334,8 @@ void write_browse_list(time_t t, bool force_write) DEBUG(0,("write_browse_list: Fatal error - cannot find my workgroup %s\n", lp_workgroup())); x_fclose(fp); + talloc_free(fnamenew); + talloc_free(fname); return; } @@ -399,4 +404,6 @@ void write_browse_list(time_t t, bool force_write) chmod(fnamenew,0644); rename(fnamenew,fname); DEBUG(3,("write_browse_list: Wrote browse list into file %s\n",fname)); + talloc_free(fnamenew); + talloc_free(fname); } diff --git a/source3/printing/printing.c b/source3/printing/printing.c index dcfd2a2..d8b6191 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -198,17 +198,28 @@ bool print_backend_init(struct messaging_context *msg_ctx) int services = lp_numservices(); int snum; bool ok; + char *print_cache_path; if (!printer_list_parent_init()) { return false; } - ok = directory_create_or_exist(cache_path("printing"), 0755); + print_cache_path = cache_path("printing"); + if (print_cache_path == NULL) { + return false; + } + ok = directory_create_or_exist(print_cache_path, 0755); + TALLOC_FREE(print_cache_path); if (!ok) { return false; } - unlink(cache_path("printing.tdb")); + print_cache_path = cache_path("printing.tdb"); + if (print_cache_path == NULL) { + return false; + } + unlink(print_cache_path); + TALLOC_FREE(print_cache_path); /* handle a Samba upgrade */ diff --git a/source3/printing/printing_db.c b/source3/printing/printing_db.c index b721317..1a129ea 100644 --- a/source3/printing/printing_db.c +++ b/source3/printing/printing_db.c @@ -38,6 +38,8 @@ struct tdb_print_db *get_print_db_byname(const char *printername) int num_open = 0; char *printdb_path = NULL; bool done_become_root = False; + char *print_cache_path; + int ret; SMB_ASSERT(printername != NULL); @@ -93,9 +95,16 @@ struct tdb_print_db *get_print_db_byname(const char *printername) DLIST_ADD(print_db_head, p); } - if (asprintf(&printdb_path, "%s%s.tdb", - cache_path("printing/"), - printername) < 0) { + print_cache_path = cache_path("printing/"); + if (print_cache_path == NULL) { + DLIST_REMOVE(print_db_head, p); + SAFE_FREE(p); + return NULL; + } + ret = asprintf(&printdb_path, "%s%s.tdb", + print_cache_path, printername); + TALLOC_FREE(print_cache_path); + if (ret < 0) { DLIST_REMOVE(print_db_head, p); SAFE_FREE(p); return NULL; diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index ac4873d..641f161 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1226,12 +1226,19 @@ static int get_session_info(uint32 servertype, char **lines; bool local_list_only; int i; + char *slist_cache_path = cache_path(SERVER_LIST); + if (slist_cache_path == NULL) { + return 0; + } - lines = file_lines_load(cache_path(SERVER_LIST), NULL, 0, NULL); + lines = file_lines_load(slist_cache_path, NULL, 0, NULL); if (!lines) { - DEBUG(4,("Can't open %s - %s\n",cache_path(SERVER_LIST),strerror(errno))); + DEBUG(4, ("Can't open %s - %s\n", + slist_cache_path, strerror(errno))); + TALLOC_FREE(slist_cache_path); return 0; } + TALLOC_FREE(slist_cache_path); /* request for everything is code for request all servers */ if (servertype == SV_TYPE_ALL) { diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c index 79793b8..8b789e5 100644 --- a/source3/utils/net_ads_gpo.c +++ b/source3/utils/net_ads_gpo.c @@ -39,6 +39,7 @@ static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **arg struct GROUP_POLICY_OBJECT *gpo; NTSTATUS result; struct security_token *token = NULL; + char *gpo_cache_path; if (argc < 1 || c->display_usage) { d_printf("%s\n%s\n%s", @@ -99,10 +100,17 @@ static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **arg d_printf(_("finished\n")); d_printf(_("* Refreshing Group Policy Data ")); - if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx, - cache_path(GPO_CACHE_DIR), - flags, - gpo_list))) { + gpo_cache_path = cache_path(GPO_CACHE_DIR); + if (gpo_cache_path == NULL) { + d_printf(_("failed: %s\n"), nt_errstr(NT_STATUS_NO_MEMORY)); + goto out; + } + result = check_refresh_gpo_list(ads, mem_ctx, + gpo_cache_path, + flags, + gpo_list); + TALLOC_FREE(gpo_cache_path); + if (!NT_STATUS_IS_OK(result)) { d_printf(_("failed: %s\n"), nt_errstr(result)); goto out; } -- Samba Shared Repository