The branch, v4-2-test has been updated via 3bd8850 s3-netlogon: Make sure we do not deference a NULL pointer. via 9988930 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. from bba7796 s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test - Log ----------------------------------------------------------------- commit 3bd8850360931145d6015d69b14089c99b370780 Author: Andreas Schneider <a...@samba.org> Date: Mon Feb 16 10:59:23 2015 +0100 s3-netlogon: Make sure we do not deference a NULL pointer. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam <ob...@samba.org> Pair-Programmed-With: Andreas Schneider <a...@samba.org> Signed-off-by: Michael Adam <ob...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(v4-2-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-2-test): Mon Feb 23 23:07:35 CET 2015 on sn-devel-104 commit 9988930c3524bc0d4a641b04716b3e6389c696fa Author: Jeremy Allison <j...@samba.org> Date: Wed Jan 28 14:47:31 2015 -0800 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index fdcc847..b487c31 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1100,6 +1100,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, bool schannel_global_required = (lp_server_schannel() == true) ? true:false; struct loadparm_context *lp_ctx; + if (creds_out != NULL) { + *creds_out = NULL; + } + if (schannel_global_required) { status = schannel_check_required(&p->auth, computer_name, @@ -1257,7 +1261,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p, { NTSTATUS status = NT_STATUS_OK; int i; - struct netlogon_creds_CredentialState *creds; + struct netlogon_creds_CredentialState *creds = NULL; DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__)); @@ -1270,9 +1274,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p, unbecome_root(); if (!NT_STATUS_IS_OK(status)) { + const char *computer_name = "<unknown>"; + + if (creds != NULL && creds->computer_name != NULL) { + computer_name = creds->computer_name; + } DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", - r->in.computer_name, creds->computer_name)); + r->in.computer_name, computer_name)); TALLOC_FREE(creds); return status; } -- Samba Shared Repository