The branch, master has been updated via 63552f1 winbind: Fix idmap initialization via 0cb9b28 s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(). from db63e48 vfs: Fix a typo
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 63552f1c4c05a710143f12c2269754d0e547d945 Author: Volker Lendecke <v...@samba.org> Date: Thu Jan 22 12:08:52 2015 +0000 winbind: Fix idmap initialization The fix is in the sscanf line: %u in the sscanf format mandates the use of a pointer to an "unsigned". idmap_domain->[low|high]_id are uint32_t. On little endian 64-bit this might at least put the correct values into low_id and high_id, but might overwrite the read_only bit set earlier, depending on structure alignment and packing. On big endian 64-bit, this will just fail. Automatic conversion to uint32_t will happen only at assignment, not when you take a pointer of such a thing. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu Jan 22 17:58:16 CET 2015 on sn-devel-104 commit 0cb9b28acb7008cd30c6de3add9876eb5607a5a6 Author: Andreas Schneider <a...@samba.org> Date: Thu Jan 22 10:27:59 2015 +0100 s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11066 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/pam_smbpass/pam_smb_auth.c | 11 +++++++++-- source3/winbindd/idmap.c | 14 ++++++++------ 2 files changed, 17 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c index ac5ef3f..1b8ae5e 100644 --- a/source3/pam_smbpass/pam_smb_auth.c +++ b/source3/pam_smbpass/pam_smb_auth.c @@ -41,14 +41,21 @@ #include "support.h" +static void ret_data_cleanup(pam_handle_t *pamh, void *data, int error_status) +{ + free(data); +} + #define AUTH_RETURN \ do { \ /* Restore application signal handler */ \ CatchSignal(SIGPIPE, oldsig_handler); \ if(ret_data) { \ *ret_data = retval; \ - pam_set_data( pamh, "smb_setcred_return" \ - , (void *) ret_data, NULL ); \ + pam_set_data(pamh, \ + "smb_setcred_return", \ + (void *)ret_data, \ + ret_data_cleanup); \ } \ TALLOC_FREE(frame); \ return retval; \ diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index a8beab7..841f710 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -172,6 +172,7 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, NTSTATUS status; char *config_option = NULL; const char *range; + unsigned low_id, high_id; result = talloc_zero(mem_ctx, struct idmap_domain); if (result == NULL) { @@ -230,23 +231,24 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx, result->name)); goto fail; } - } else if (sscanf(range, "%u - %u", &result->low_id, - &result->high_id) != 2) + } else if (sscanf(range, "%u - %u", &low_id, &high_id) != 2) { DEBUG(1, ("invalid range '%s' specified for domain " "'%s'\n", range, result->name)); if (check_range) { goto fail; } - } else if (result->low_id > result->high_id) { - DEBUG(1, ("Error: invalid idmap range detected: %lu - %lu\n", - (unsigned long)result->low_id, - (unsigned long)result->high_id)); + } else if (low_id > high_id) { + DEBUG(1, ("Error: invalid idmap range detected: %u - %u\n", + low_id, high_id)); if (check_range) { goto fail; } } + result->low_id = low_id; + result->high_id = high_id; + status = result->methods->init(result); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("idmap initialization returned %s\n", -- Samba Shared Repository