The branch, master has been updated
via 8cc41b0 lanman: don't leak cache_path onto talloc tos
via 3c85465 samlogon_cache: don't leak cache_path onto talloc tos
via 21ed805 nmbd: don't leak cache_path onto talloc tos
via 58b18e2 printing: don't leak cache_path onto talloc tos
via 3c592ea gpo: don't leak cache_path onto talloc tos
via e8ee9bb gencache: don't leak cache_path onto talloc tos
via e4c27cb Add a status code for VHD support gleaned from some Win8.1
stuff.
via 3450347 Add a definition of the NETWORK_RESILIENCY_REQUEST so I can
write a torture test for it.
from 92ca4f5 winbindd: Do not overwrite domain list with conflicting
info from a trusted domain
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8cc41b027769b659d1b1503f0fd33ca7d3c3eb9b
Author: David Disseldorp <dd...@samba.org>
Date: Mon Oct 6 18:21:18 2014 +0200
lanman: don't leak cache_path onto talloc tos
Also check for allocation failures.
Reported-by: Franz Pförtsch <franz.pfoert...@brose.com>
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Mon Oct 6 21:41:22 CEST 2014 on sn-devel-104
commit 3c854657531ac73ce5e3148e35844e3c8130fe37
Author: David Disseldorp <dd...@samba.org>
Date: Mon Oct 6 18:21:17 2014 +0200
samlogon_cache: don't leak cache_path onto talloc tos
Also check for allocation failures.
Reported-by: Franz Pförtsch <franz.pfoert...@brose.com>
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 21ed8058d2e295e93c9df8e954de28478a060e94
Author: David Disseldorp <dd...@samba.org>
Date: Mon Oct 6 18:21:16 2014 +0200
nmbd: don't leak cache_path onto talloc tos
Reported-by: Franz Pförtsch <franz.pfoert...@brose.com>
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 58b18e23e9de221e80fe978366ef05b65312919b
Author: David Disseldorp <dd...@samba.org>
Date: Mon Oct 6 18:21:15 2014 +0200
printing: don't leak cache_path onto talloc tos
Also check for allocation failures.
Reported-by: Franz Pförtsch <franz.pfoert...@brose.com>
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 3c592eaac6db32843cde480226424e71312a853f
Author: David Disseldorp <dd...@samba.org>
Date: Mon Oct 6 18:21:14 2014 +0200
gpo: don't leak cache_path onto talloc tos
Also check for allocation failures.
Reported-by: Franz Pförtsch <franz.pfoert...@brose.com>
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit e8ee9bb66e765433e94f03d46ccb66459bb5fc3f
Author: David Disseldorp <dd...@samba.org>
Date: Mon Oct 6 18:21:13 2014 +0200
gencache: don't leak cache_path onto talloc tos
Also check for allocation failures.
Reported-by: Franz Pförtsch <franz.pfoert...@brose.com>
Signed-off-by: David Disseldorp <dd...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit e4c27cb4bb7e2caa0296c79746d0eff8d34036fa
Author: Richard Sharpe <realrichardsha...@gmail.com>
Date: Sat Oct 4 12:06:10 2014 -0700
Add a status code for VHD support gleaned from some Win8.1 stuff.
Signed-off-by: Richard Sharpe (rsha...@samba.org)
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 3450347c8e7b0d725d58397161b2a9a16de99872
Author: Richard Sharpe <realrichardsha...@gmail.com>
Date: Sat Oct 4 19:05:03 2014 -0700
Add a definition of the NETWORK_RESILIENCY_REQUEST so I can write a torture
test for it.
Signed-off-by: Richard Sharpe <rsha...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/util/ntstatus.h | 1 +
librpc/idl/ioctl.idl | 9 +++++++++
source3/lib/gencache.c | 11 +++++++++++
source3/libgpo/gpext/registry.c | 20 +++++++++++++++-----
source3/libgpo/gpext/scripts.c | 24 +++++++++++++++++-------
source3/libgpo/gpext/security.c | 7 ++++++-
source3/libsmb/samlogon_cache.c | 7 ++++++-
source3/nmbd/nmbd_serverlistdb.c | 7 +++++++
source3/printing/printing.c | 15 +++++++++++++--
source3/printing/printing_db.c | 15 ++++++++++++---
source3/smbd/lanman.c | 11 +++++++++--
source3/utils/net_ads_gpo.c | 16 ++++++++++++----
12 files changed, 118 insertions(+), 25 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/util/ntstatus.h b/libcli/util/ntstatus.h
index bb19234..325930f 100644
--- a/libcli/util/ntstatus.h
+++ b/libcli/util/ntstatus.h
@@ -1891,6 +1891,7 @@ typedef uint32_t NTSTATUS;
#define NT_STATUS_VHD_CHILD_PARENT_SIZE_MISMATCH NT_STATUS(0xC03A0017)
#define NT_STATUS_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED NT_STATUS(0xC03A0018)
#define NT_STATUS_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT NT_STATUS(0xC03A0019)
+#define NT_STATUS_VHD_SHARED NT_STATUS(0xC05CFF0A)
/* I use NT_STATUS_FOOBAR when I have no idea what error code to use -
* this means we need a torture test */
diff --git a/librpc/idl/ioctl.idl b/librpc/idl/ioctl.idl
index 8248092..7760644 100644
--- a/librpc/idl/ioctl.idl
+++ b/librpc/idl/ioctl.idl
@@ -179,3 +179,12 @@ interface sparse
file_zero_data_info info;
} fsctl_set_zero_data_req;
}
+
+interface resiliency
+{
+ /* 2.2.31.3 NETWORK_RESILIENCY_REQUEST */
+ typedef [public] struct {
+ uint32 timeout;
+ uint32 reserved;
+ } network_resiliency_request;
+}
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index 3e67d9e..3192b45 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -65,6 +65,9 @@ static bool gencache_init(void)
if (cache) return True;
cache_fname = cache_path("gencache.tdb");
+ if (cache_fname == NULL) {
+ return false;
+ }
DEBUG(5, ("Opening cache file at %s\n", cache_fname));
@@ -101,6 +104,7 @@ static bool gencache_init(void)
DEBUG(5, ("gencache_init: Opening cache file %s
read-only.\n", cache_fname));
}
}
+ TALLOC_FREE(cache_fname);
if (!cache) {
DEBUG(5, ("Attempt to open gencache.tdb has failed.\n"));
@@ -108,6 +112,11 @@ static bool gencache_init(void)
}
cache_fname = lock_path("gencache_notrans.tdb");
+ if (cache_fname == NULL) {
+ tdb_close(cache);
+ cache = NULL;
+ return false;
+ }
DEBUG(5, ("Opening cache file at %s\n", cache_fname));
@@ -120,10 +129,12 @@ static bool gencache_init(void)
if (cache_notrans == NULL) {
DEBUG(5, ("Opening %s failed: %s\n", cache_fname,
strerror(errno)));
+ TALLOC_FREE(cache_fname);
tdb_close(cache);
cache = NULL;
return false;
}
+ TALLOC_FREE(cache_fname);
return True;
}
diff --git a/source3/libgpo/gpext/registry.c b/source3/libgpo/gpext/registry.c
index b51bc30..a24485c 100644
--- a/source3/libgpo/gpext/registry.c
+++ b/source3/libgpo/gpext/registry.c
@@ -287,6 +287,10 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX
*mem_ctx,
size_t num_entries = 0;
char *unix_path = NULL;
const struct GROUP_POLICY_OBJECT *gpo;
+ char *gpo_cache_path = cache_path(GPO_CACHE_DIR);
+ if (gpo_cache_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* implementation of the policy callback function, see
* http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
@@ -304,9 +308,11 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX
*mem_ctx,
gpext_debug_header(0, "registry_process_group_policy", flags,
gpo, GP_EXT_GUID_REGISTRY, NULL);
- status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
+ status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
gpo, &unix_path);
- NT_STATUS_NOT_OK_RETURN(status);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_cache_path_free;
+ }
status = reg_parse_registry(mem_ctx,
flags,
@@ -316,7 +322,7 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX
*mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("failed to parse registry: %s\n",
nt_errstr(status)));
- return status;
+ goto err_cache_path_free;
}
dump_reg_entries(flags, "READ", entries, num_entries);
@@ -326,11 +332,15 @@ static NTSTATUS registry_process_group_policy(TALLOC_CTX
*mem_ctx,
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("failed to apply registry: %s\n",
win_errstr(werr)));
- return werror_to_ntstatus(werr);
+ status = werror_to_ntstatus(werr);
+ goto err_cache_path_free;
}
}
+ status = NT_STATUS_OK;
- return NT_STATUS_OK;
+err_cache_path_free:
+ talloc_free(gpo_cache_path);
+ return status;
}
/****************************************************************
diff --git a/source3/libgpo/gpext/scripts.c b/source3/libgpo/gpext/scripts.c
index e2841c0..da6f5cc 100644
--- a/source3/libgpo/gpext/scripts.c
+++ b/source3/libgpo/gpext/scripts.c
@@ -357,6 +357,10 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX
*mem_ctx,
GP_SCRIPTS_INI_LOGOFF
};
const struct GROUP_POLICY_OBJECT *gpo;
+ char *gpo_cache_path = cache_path(GPO_CACHE_DIR);
+ if (gpo_cache_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* implementation of the policy callback function, see
* http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
@@ -374,13 +378,17 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX
*mem_ctx,
gpext_debug_header(0, "scripts_process_group_policy", flags,
gpo, GP_EXT_GUID_SCRIPTS, NULL);
- status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
+ status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
gpo, &unix_path);
- NT_STATUS_NOT_OK_RETURN(status);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_cache_path_free;
+ }
status = gp_inifile_init_context(mem_ctx, flags, unix_path,
GP_SCRIPTS_INI, &ini_ctx);
- NT_STATUS_NOT_OK_RETURN(status);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_cache_path_free;
+ }
for (i = 0; i < ARRAY_SIZE(list); i++) {
@@ -394,7 +402,8 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX
*mem_ctx,
}
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ TALLOC_FREE(ini_ctx);
+ goto err_cache_path_free;
}
dump_reg_entries(flags, "READ", entries, num_entries);
@@ -403,15 +412,16 @@ static NTSTATUS scripts_process_group_policy(TALLOC_CTX
*mem_ctx,
flags, list[i], gpo, entries,
num_entries);
if (!W_ERROR_IS_OK(werr)) {
continue; /* FIXME: finally fix storing emtpy
strings and REG_QWORD! */
- TALLOC_FREE(ini_ctx);
- return werror_to_ntstatus(werr);
}
}
TALLOC_FREE(ini_ctx);
}
+ status = NT_STATUS_OK;
- return NT_STATUS_OK;
+err_cache_path_free:
+ talloc_free(gpo_cache_path);
+ return status;
}
/****************************************************************
diff --git a/source3/libgpo/gpext/security.c b/source3/libgpo/gpext/security.c
index 5360222..2f46184 100644
--- a/source3/libgpo/gpext/security.c
+++ b/source3/libgpo/gpext/security.c
@@ -152,6 +152,10 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX
*mem_ctx,
char *unix_path = NULL;
struct gp_inifile_context *ini_ctx = NULL;
const struct GROUP_POLICY_OBJECT *gpo;
+ char *gpo_cache_path = cache_path(GPO_CACHE_DIR);
+ if (gpo_cache_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* implementation of the policy callback function, see
* http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
@@ -172,7 +176,7 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX
*mem_ctx,
/* this handler processes the gpttmpl files and merge output to
the
* registry */
- status = gpo_get_unix_path(mem_ctx, cache_path(GPO_CACHE_DIR),
+ status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
gpo, &unix_path);
if (!NT_STATUS_IS_OK(status)) {
goto out;
@@ -198,6 +202,7 @@ static NTSTATUS security_process_group_policy(TALLOC_CTX
*mem_ctx,
nt_errstr(status)));
}
TALLOC_FREE(ini_ctx);
+ talloc_free(gpo_cache_path);
return status;
}
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
index 0a157d4..1f1ab1d 100644
--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -38,7 +38,7 @@ static TDB_CONTEXT *netsamlogon_tdb = NULL;
bool netsamlogon_cache_init(void)
{
bool first_try = true;
- const char *path = NULL;
+ char *path = NULL;
int ret;
struct tdb_context *tdb;
@@ -47,6 +47,9 @@ bool netsamlogon_cache_init(void)
}
path = cache_path(NETSAMLOGON_TDB);
+ if (path == NULL) {
+ return false;
+ }
again:
tdb = tdb_open_log(path, 0, TDB_DEFAULT|TDB_INCOMPATIBLE_HASH,
O_RDWR | O_CREAT, 0600);
@@ -63,10 +66,12 @@ again:
}
netsamlogon_tdb = tdb;
+ talloc_free(path);
return true;
clear:
if (!first_try) {
+ talloc_free(path);
return false;
}
first_try = false;
diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
index f697f05..56f400f 100644
--- a/source3/nmbd/nmbd_serverlistdb.c
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -311,6 +311,7 @@ void write_browse_list(time_t t, bool force_write)
fnamenew = talloc_asprintf(ctx, "%s.",
fname);
if (!fnamenew) {
+ talloc_free(fname);
return;
}
@@ -319,6 +320,8 @@ void write_browse_list(time_t t, bool force_write)
if (!fp) {
DEBUG(0,("write_browse_list: Can't open file %s. Error was
%s\n",
fnamenew,strerror(errno)));
+ talloc_free(fnamenew);
+ talloc_free(fname);
return;
}
@@ -331,6 +334,8 @@ void write_browse_list(time_t t, bool force_write)
DEBUG(0,("write_browse_list: Fatal error - cannot find my
workgroup %s\n",
lp_workgroup()));
x_fclose(fp);
+ talloc_free(fnamenew);
+ talloc_free(fname);
return;
}
@@ -399,4 +404,6 @@ void write_browse_list(time_t t, bool force_write)
chmod(fnamenew,0644);
rename(fnamenew,fname);
DEBUG(3,("write_browse_list: Wrote browse list into file %s\n",fname));
+ talloc_free(fnamenew);
+ talloc_free(fname);
}
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index dcfd2a2..d8b6191 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -198,17 +198,28 @@ bool print_backend_init(struct messaging_context *msg_ctx)
int services = lp_numservices();
int snum;
bool ok;
+ char *print_cache_path;
if (!printer_list_parent_init()) {
return false;
}
- ok = directory_create_or_exist(cache_path("printing"), 0755);
+ print_cache_path = cache_path("printing");
+ if (print_cache_path == NULL) {
+ return false;
+ }
+ ok = directory_create_or_exist(print_cache_path, 0755);
+ TALLOC_FREE(print_cache_path);
if (!ok) {
return false;
}
- unlink(cache_path("printing.tdb"));
+ print_cache_path = cache_path("printing.tdb");
+ if (print_cache_path == NULL) {
+ return false;
+ }
+ unlink(print_cache_path);
+ TALLOC_FREE(print_cache_path);
/* handle a Samba upgrade */
diff --git a/source3/printing/printing_db.c b/source3/printing/printing_db.c
index b721317..1a129ea 100644
--- a/source3/printing/printing_db.c
+++ b/source3/printing/printing_db.c
@@ -38,6 +38,8 @@ struct tdb_print_db *get_print_db_byname(const char
*printername)
int num_open = 0;
char *printdb_path = NULL;
bool done_become_root = False;
+ char *print_cache_path;
+ int ret;
SMB_ASSERT(printername != NULL);
@@ -93,9 +95,16 @@ struct tdb_print_db *get_print_db_byname(const char
*printername)
DLIST_ADD(print_db_head, p);
}
- if (asprintf(&printdb_path, "%s%s.tdb",
- cache_path("printing/"),
- printername) < 0) {
+ print_cache_path = cache_path("printing/");
+ if (print_cache_path == NULL) {
+ DLIST_REMOVE(print_db_head, p);
+ SAFE_FREE(p);
+ return NULL;
+ }
+ ret = asprintf(&printdb_path, "%s%s.tdb",
+ print_cache_path, printername);
+ TALLOC_FREE(print_cache_path);
+ if (ret < 0) {
DLIST_REMOVE(print_db_head, p);
SAFE_FREE(p);
return NULL;
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index ac4873d..641f161 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1226,12 +1226,19 @@ static int get_session_info(uint32 servertype,
char **lines;
bool local_list_only;
int i;
+ char *slist_cache_path = cache_path(SERVER_LIST);
+ if (slist_cache_path == NULL) {
+ return 0;
+ }
- lines = file_lines_load(cache_path(SERVER_LIST), NULL, 0, NULL);
+ lines = file_lines_load(slist_cache_path, NULL, 0, NULL);
if (!lines) {
- DEBUG(4,("Can't open %s -
%s\n",cache_path(SERVER_LIST),strerror(errno)));
+ DEBUG(4, ("Can't open %s - %s\n",
+ slist_cache_path, strerror(errno)));
+ TALLOC_FREE(slist_cache_path);
return 0;
}
+ TALLOC_FREE(slist_cache_path);
/* request for everything is code for request all servers */
if (servertype == SV_TYPE_ALL) {
diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c
index 79793b8..8b789e5 100644
--- a/source3/utils/net_ads_gpo.c
+++ b/source3/utils/net_ads_gpo.c
@@ -39,6 +39,7 @@ static int net_ads_gpo_refresh(struct net_context *c, int
argc, const char **arg
struct GROUP_POLICY_OBJECT *gpo;
NTSTATUS result;
struct security_token *token = NULL;
+ char *gpo_cache_path;
if (argc < 1 || c->display_usage) {
d_printf("%s\n%s\n%s",
@@ -99,10 +100,17 @@ static int net_ads_gpo_refresh(struct net_context *c, int
argc, const char **arg
d_printf(_("finished\n"));
d_printf(_("* Refreshing Group Policy Data "));
- if (!NT_STATUS_IS_OK(result = check_refresh_gpo_list(ads, mem_ctx,
-
cache_path(GPO_CACHE_DIR),
- flags,
- gpo_list))) {
+ gpo_cache_path = cache_path(GPO_CACHE_DIR);
+ if (gpo_cache_path == NULL) {
+ d_printf(_("failed: %s\n"), nt_errstr(NT_STATUS_NO_MEMORY));
+ goto out;
+ }
+ result = check_refresh_gpo_list(ads, mem_ctx,
+ gpo_cache_path,
+ flags,
+ gpo_list);
+ TALLOC_FREE(gpo_cache_path);
+ if (!NT_STATUS_IS_OK(result)) {
d_printf(_("failed: %s\n"), nt_errstr(result));
goto out;
}
--
Samba Shared Repository
