The branch, master has been updated via 34f8ab774d1 s3/librpc/crypto: Fix double free with unresolved credential cache from 5e987e2f40e s3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 34f8ab774d1484b0e60dbdec8ad2a1607ad92122 Author: Noel Power <noel.po...@suse.com> Date: Tue Apr 14 11:21:22 2020 +0100 s3/librpc/crypto: Fix double free with unresolved credential cache We free gse_ctx->k5ctx but then free it again in the talloc dtor. This patch just lets the talloc dtor handle things and removes the extra krb5_free_context Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found) ==30762== Invalid read of size 8 ==30762== at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3) ==30762== by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3) ==30762== by 0x7945D2E: gse_context_destructor (gse.c:84) ==30762== by 0x645FB49: _tc_free_internal (talloc.c:1157) ==30762== by 0x645FEC5: _talloc_free_internal (talloc.c:1247) ==30762== by 0x646118D: _talloc_free (talloc.c:1789) ==30762== by 0x79462E4: gse_context_init (gse.c:241) ==30762== by 0x794636E: gse_init_client (gse.c:268) ==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) ==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) ==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) ==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) ==30762== Address 0x17259928 is 40 bytes inside a block of size 496 free'd ==30762== at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==30762== by 0x79462CA: gse_context_init (gse.c:238) ==30762== by 0x794636E: gse_init_client (gse.c:268) ==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) ==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) ==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) ==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) ==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537) ==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943) ==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741) ==30762== by 0xBC85622: gensec_update_send (gensec.c:449) ==30762== by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997) ==30762== Block was alloc'd at ==30762== at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==30762== by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3) ==30762== by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597) ==30762== by 0x794615B: gse_context_init (gse.c:209) ==30762== by 0x794636E: gse_init_client (gse.c:268) ==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) ==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) ==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) ==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) ==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537) ==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943) ==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741) ==30762== BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344 Signed-off-by: Noel Power <noel.po...@suse.com> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Noel Power <npo...@samba.org> Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: source3/librpc/crypto/gse.c | 4 ---- 1 file changed, 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 6675f4dc597..1cf111bd974 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -244,10 +244,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; err_out: - if (gse_ctx->k5ctx) { - krb5_free_context(gse_ctx->k5ctx); - } - TALLOC_FREE(gse_ctx); return status; } -- Samba Shared Repository