The branch, master has been updated
       via  5c8032b s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().
      from  9f9c5d3 testprogs: Fix a typo in the net ads test

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5c8032b6b8ce4439b3ef8f43a62a419f081eb787
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Nov 29 09:21:30 2017 -0800

    s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().
    
    cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
    frees req, then uses the state pointer which was owned by req.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ralph Böhme <s...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/cli_smb2_fnum.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 628b17b..78f61fb 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -449,8 +449,12 @@ NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req)
 {
        struct cli_smb2_close_fnum_state *state = tevent_req_data(
                req, struct cli_smb2_close_fnum_state);
-       NTSTATUS status = tevent_req_simple_recv_ntstatus(req);
-       state->cli->raw_status = status;
+       NTSTATUS status = NT_STATUS_OK;
+
+       if (tevent_req_is_nterror(req, &status)) {
+               state->cli->raw_status = status;
+       }
+       tevent_req_received(req);
        return status;
 }
 
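Review bot: In the new `if (tevent_req_is_nterror(req, &status))` block, `state->cli->raw_status` is written only on the error path, while the removed lines assigned it unconditionally, so after a successful close `raw_status` keeps whatever value an earlier operation left there. If callers read `raw_status` after this call, consider assigning `state->cli->raw_status = status;` outside the `if`, still before `tevent_req_received(req)`, so the success case stores NT_STATUS_OK as it did before. A one-line comment above `tevent_req_received(req)` saying that `state` must not be dereferenced after it would help keep this ordering intact in later edits.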


-- 
Samba Shared Repository
