The branch, master has been updated
       via  dd86376294f smbd: Fix indentation
       via  17e9758b537 smbd: Fix CID 1518901 Logically dead code
       via  c1be654988a smbd: Fix CID 1518902 Use after free
      from  316b8fa4a8a nsswitch: remove winbind_nss_mutex

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit dd86376294fd4117521dd550165ee4943ae8bec1
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jan 5 15:17:44 2023 +0100

    smbd: Fix indentation
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    
    Autobuild-User(master): Ralph Böhme <s...@samba.org>
    Autobuild-Date(master): Thu Jan  5 18:00:17 UTC 2023 on sn-devel-184

commit 17e9758b537e3a43f4f290debdc2b812abb394ed
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jan 5 15:17:14 2023 +0100

    smbd: Fix CID 1518901 Logically dead code
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>

commit c1be654988a14ed5ac7fb337716cb8f41daebca1
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jan 5 15:11:10 2023 +0100

    smbd: Fix CID 1518902 Use after free
    
    The SMB_REALLOC macro properly deals with failure to realloc, so
    overwriting the target variable is correct here.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb1_trans2.c | 55 +++++++++++-----------------------------------
 1 file changed, 13 insertions(+), 42 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb1_trans2.c b/source3/smbd/smb1_trans2.c
index 815e529b231..336024c9456 100644
--- a/source3/smbd/smb1_trans2.c
+++ b/source3/smbd/smb1_trans2.c
@@ -2113,15 +2113,13 @@ static NTSTATUS smb_q_unix_basic(
        int *ptotal_data)
 {
        const int total_data = 100;
-       char *pdata = NULL;
 
-       pdata = SMB_REALLOC(*ppdata, total_data);
-       if (pdata == NULL) {
+       *ppdata = SMB_REALLOC(*ppdata, total_data);
+       if (*ppdata == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       store_file_unix_basic(conn, pdata, fsp, &smb_fname->st);
+       store_file_unix_basic(conn, *ppdata, fsp, &smb_fname->st);
 
-       *ppdata = pdata;
        *ptotal_data = total_data;
 
        return NT_STATUS_OK;
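Review bot: The assignment `*ppdata = SMB_REALLOC(*ppdata, total_data);` reads like the classic realloc leak to anyone unfamiliar with the macro, and nothing at the call site explains why it is correct here. Per the commit message, SMB_REALLOC deals with the failure case itself, so the earlier temporary-variable form is what could leave `*ppdata` pointing at released memory. A one-line comment such as `/* SMB_REALLOC handles failure itself; store the result so the caller never sees a stale pointer */` would keep a later cleanup from restoring that form. The same comment fits the identical assignments in smb_q_unix_info2, smb_q_posix_acl and smb_q_posix_symlink. The callers are outside this diff, so any that keep their own copy of the old `*ppdata` across the call would still need checking.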
@@ -2136,15 +2134,13 @@ static NTSTATUS smb_q_unix_info2(
        int *ptotal_data)
 {
        const int total_data = 116;
-       char *pdata = NULL;
 
-       pdata = SMB_REALLOC(*ppdata, total_data);
-       if (pdata == NULL) {
+       *ppdata = SMB_REALLOC(*ppdata, total_data);
+       if (*ppdata == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       store_file_unix_basic_info2(conn, pdata, fsp, &smb_fname->st);
+       store_file_unix_basic_info2(conn, *ppdata, fsp, &smb_fname->st);
 
-       *ppdata = pdata;
        *ptotal_data = total_data;
 
        return NT_STATUS_OK;
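Review bot: The buffer length `total_data = 116` and the number of bytes store_file_unix_basic_info2() writes are tied together only by convention, because the call passes `*ppdata` without a size. smb_q_unix_basic has the same coupling with `total_data = 100` and store_file_unix_basic(). The store functions are defined outside this diff; if they return the end of the written region, an assertion on the distance from `*ppdata` would pin the contract. Failing that, a comment next to the constant, e.g. `/* must equal the bytes written by store_file_unix_basic_info2() */`, would at least flag the dependency when either side changes.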
@@ -2442,12 +2438,12 @@ static NTSTATUS smb_q_posix_acl(
        }
        size_needed += SMB_POSIX_ACL_HEADER_SIZE;
 
-       pdata = SMB_REALLOC(*ppdata, size_needed);
-       if (pdata == NULL) {
+       *ppdata = SMB_REALLOC(*ppdata, size_needed);
+       if (*ppdata == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto out;
        }
-       *ppdata = pdata;
+       pdata = *ppdata;
 
        SSVAL(pdata,0,SMB_POSIX_ACL_VERSION);
        SSVAL(pdata,2,num_file_acls);
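Review bot: On the failure branch `pdata` is no longer assigned; the old code left it NULL there, while the new code keeps whatever value it held before the call. Its declaration and the `out:` label are both outside the hunk, so it is not visible whether the cleanup path reads `pdata` or whether it was initialised from the old `*ppdata`. If either is possible, setting `pdata = NULL;` before `goto out;` keeps the failure path from carrying a pointer to the released buffer. Otherwise a comment at `out:` saying that `pdata` must not be used there would be enough.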
@@ -2547,11 +2543,11 @@ static NTSTATUS smb_q_posix_symlink(
 
        needed = (link_len+1)*2;
 
-       pdata = SMB_REALLOC(*ppdata, needed);
-       if (pdata == NULL) {
+       *ppdata = SMB_REALLOC(*ppdata, needed);
+       if (*ppdata == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       *ppdata = pdata;
+       pdata = *ppdata;
 
        status = srvstr_push(
                pdata,
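Review bot: `needed = (link_len+1)*2` is passed to SMB_REALLOC with no bound visible in this hunk, and the resulting buffer is then filled by srvstr_push(). The type of `link_len` and the place it is set are outside the hunk; if it comes from a readlink-style call it is presumably already checked for error and capped by the read buffer. A short comment stating that bound beside the computation, for example `/* link_len is capped by the link buffer size, so this cannot wrap */`, would make the sizing auditable without reading the whole function. The srvstr_push() call continues past the end of the hunk.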
@@ -4413,7 +4409,6 @@ static void call_trans2setpathinfo(
        struct files_struct *fsp = NULL;
        char *params = *pparams;
        uint32_t ucf_flags = ucf_flags_from_smb_request(req);
-       bool require_existing_object = true;
        NTTIME twrp = 0;
        char *fname = NULL;
        bool info_level_handled;
@@ -4549,7 +4544,7 @@ static void call_trans2setpathinfo(
        case SMB_SET_POSIX_ACL:
                status = smb_set_posix_acl(
                        conn, req, *ppdata, total_data, NULL, smb_fname);
-                       break;
+               break;
        }
 
        if (info_level_handled) {
@@ -4571,30 +4566,6 @@ static void call_trans2setpathinfo(
         */
        fsp = smb_fname->fsp;
 
-       /*
-        * There are 4 info levels which can
-        * create a new object in the filesystem.
-        * They are:
-        * SMB_SET_FILE_UNIX_LINK -> creates POSIX symlink.
-        * SMB_POSIX_PATH_OPEN -> creates POSIX file or directory.
-        * SMB_SET_FILE_UNIX_BASIC:
-        * SMB_SET_FILE_UNIX_INFO2: can create a POSIX special file.
-        *
-        * These info levels do not require an existing object.
-        */
-       switch (info_level) {
-       case SMB_SET_FILE_UNIX_BASIC:
-       case SMB_SET_FILE_UNIX_INFO2:
-               require_existing_object = false;
-               break;
-       default:
-               break;
-       }
-
-       if (!VALID_STAT(smb_fname->st) && require_existing_object) {
-               reply_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
-       }
-
        status = smbd_do_setfilepathinfo(
                conn,
                req,


-- 
Samba Shared Repository
