The branch, v4-2-test has been updated
via 3bd8850 s3-netlogon: Make sure we do not deference a NULL pointer.
via 9988930 CVE-2015-0240: s3: netlogon: Ensure we don't call
talloc_free on an uninitialized pointer.
from bba7796 s3: smbd: SMB2 close. If a file has delete on close, store
the return info before deleting.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test
- Log -----------------------------------------------------------------
commit 3bd8850360931145d6015d69b14089c99b370780
Author: Andreas Schneider <a...@samba.org>
Date: Mon Feb 16 10:59:23 2015 +0100
s3-netlogon: Make sure we do not deference a NULL pointer.
This is an additional patch for CVE-2015-0240.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
Pair-Programmed-With: Michael Adam <ob...@samba.org>
Pair-Programmed-With: Andreas Schneider <a...@samba.org>
Signed-off-by: Michael Adam <ob...@samba.org>
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-2-test): Mon Feb 23 23:07:35 CET 2015 on sn-devel-104
commit 9988930c3524bc0d4a641b04716b3e6389c696fa
Author: Jeremy Allison <j...@samba.org>
Date: Wed Jan 28 14:47:31 2015 -0800
CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an
uninitialized pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c
b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fdcc847..b487c31 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1100,6 +1100,10 @@ static NTSTATUS netr_creds_server_step_check(struct
pipes_struct *p,
bool schannel_global_required = (lp_server_schannel() == true) ?
true:false;
struct loadparm_context *lp_ctx;
+ if (creds_out != NULL) {
+ *creds_out = NULL;
+ }
+
if (schannel_global_required) {
status = schannel_check_required(&p->auth,
computer_name,
@@ -1257,7 +1261,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
{
NTSTATUS status = NT_STATUS_OK;
int i;
- struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds = NULL;
DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
@@ -1270,9 +1274,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
+ const char *computer_name = "<unknown>";
+
+ if (creds != NULL && creds->computer_name != NULL) {
+ computer_name = creds->computer_name;
+ }
DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step
failed. Rejecting auth "
"request from client %s machine account %s\n",
- r->in.computer_name, creds->computer_name));
+ r->in.computer_name, computer_name));
TALLOC_FREE(creds);
return status;
}
--
Samba Shared Repository
