The branch, master has been updated via 4a8b588 gensec_krb5: Do not leak memory of target_principal via 1cbdfe9 Revert "krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()" via 016f499 dsdb: Do not use free'd memory. via dce3f1f util: Fix the documentation of push_utf8_talloc() from 0ab3263 dbcheck: assert uSNChanged values in release-4-5-0-pre1
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 4a8b588dc081ff8931eb405076cd237ab4728ac0 Author: Andreas Schneider <a...@samba.org> Date: Tue Sep 6 12:09:47 2016 +0200 gensec_krb5: Do not leak memory of target_principal CID 1372504 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Sep 9 04:20:04 CEST 2016 on sn-devel-144 commit 1cbdfe91fe0d835ddfcaa7fd4bd0311209c8c25c Author: Andreas Schneider <a...@samba.org> Date: Fri Sep 2 10:53:41 2016 +0200 Revert "krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()" This reverts commit c0e861666911d84f2d78cdab370077d9ac192005. The krb5_init_keyblock function from MIT allocates the key but we operate only on the contents. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 016f49997cddb7d0dcd8ea4a1ae721a105f6f62b Author: Andreas Schneider <a...@samba.org> Date: Tue Sep 6 11:08:04 2016 +0200 dsdb: Do not use free'd memory. The msg has already been free'd at this point so we need to print the user_dn which gets assigned to msg->dn. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit dce3f1fc60bde8b54180b45abdcfaaa9beb8e416 Author: Andreas Schneider <a...@samba.org> Date: Wed Sep 7 15:15:00 2016 +0200 util: Fix the documentation of push_utf8_talloc() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/krb5_wrap/krb5_samba.c | 16 ---------------- lib/util/charset/pull_push.c | 25 +++++++++++++++++-------- source4/auth/gensec/gensec_krb5.c | 7 ++++--- source4/dsdb/common/util.c | 2 +- 4 files changed, 22 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 841e3f8..dcd6185 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -1638,22 +1638,6 @@ krb5_error_code smb_krb5_keyblock_init_contents(krb5_context context, { #if defined(HAVE_KRB5_KEYBLOCK_INIT) return krb5_keyblock_init(context, enctype, data, length, key); -#elif defined(HAVE_KRB5_INIT_KEYBLOCK) - krb5_error_code code; - - code = krb5_init_keyblock(context, - enctype, - length, - key); - if (code != 0) { - return code; - } - - if (length != 0) { - memcpy(KRB5_KEY_DATA(key), data, length); - } - - return 0; #else memset(key, 0, sizeof(krb5_keyblock)); KRB5_KEY_DATA(key) = SMB_MALLOC(length); diff --git a/lib/util/charset/pull_push.c b/lib/util/charset/pull_push.c index b7a5bcd..cf25efa 100644 --- a/lib/util/charset/pull_push.c +++ b/lib/util/charset/pull_push.c @@ -46,16 +46,25 @@ bool push_ucs2_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src, } /** - * Copy a string from a unix char* src to a UTF-8 destination, allocating a buffer using talloc + * @brief Create a UTF-8 string from a unix charset string. * - * @param dest always set at least to NULL - * @parm converted_size set to the number of bytes occupied by the string in - * the destination on success. + * The resulting UTF-8 string is talloc'ed. * - * @return true if new buffer was correctly allocated, and string was - * converted. - **/ - + * @param[in] ctx The talloc memory context. + * + * @param[in] dest A pointer to store the pointer to the talloc'ed UTF-8 + * string. + * + * @param[in] src The unix charset string to convert. + * + * @param[in] converted_size A pointer to store the length of the talloc'ed + * UTF-8 string including the nul-termination bytes. + * + * The destination string should be free'd using talloc_free() if no longer + * needed. + * + * @return True on succcess, false otherwise. + */ bool push_utf8_talloc(TALLOC_CTX *ctx, char **dest, const char *src, size_t *converted_size) { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 404ffaf..1dcbb91 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -339,12 +339,16 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s ccache_container->ccache, &this_cred.client); if (ret != 0) { + krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context, + target_principal); return NT_STATUS_UNSUCCESSFUL; } ret = krb5_copy_principal(gensec_krb5_state->smb_krb5_context->krb5_context, target_principal, &this_cred.server); + krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context, + target_principal); if (ret != 0) { krb5_free_cred_contents(gensec_krb5_state->smb_krb5_context->krb5_context, &this_cred); @@ -369,9 +373,6 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s in_data_p, cred, &gensec_krb5_state->enc_ticket); - - krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context, - target_principal); } } else { ret = krb5_mk_req(gensec_krb5_state->smb_krb5_context->krb5_context, diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 448b20a..d1777b3 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2339,7 +2339,7 @@ static NTSTATUS samdb_set_password_internal(struct ldb_context *ldb, TALLOC_CTX status = NT_STATUS_ACCESS_DENIED; } else if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to set password on %s: %s\n", - ldb_dn_get_linearized(msg->dn), + ldb_dn_get_linearized(user_dn), ldb_errstring(ldb))); status = NT_STATUS_UNSUCCESSFUL; } -- Samba Shared Repository