svn commit: samba r24268 - in branches: SAMBA_3_2/source/smbd SAMBA_3_2_0/source/smbd

vlendec at samba.org vlendec at samba.org
Tue Aug 7 13:10:23 GMT 2007


Author: vlendec
Date: 2007-08-07 13:10:21 +0000 (Tue, 07 Aug 2007)
New Revision: 24268

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24268

Log:
Fix two crashes for spoolss

strlcpy does not like a NULL source. Fix a use-after-free.

Modified:
   branches/SAMBA_3_2/source/smbd/connection.c
   branches/SAMBA_3_2_0/source/smbd/connection.c


Changeset:
Modified: branches/SAMBA_3_2/source/smbd/connection.c
===================================================================
--- branches/SAMBA_3_2/source/smbd/connection.c	2007-08-07 11:50:03 UTC (rev 24267)
+++ branches/SAMBA_3_2/source/smbd/connection.c	2007-08-07 13:10:21 UTC (rev 24268)
@@ -206,7 +206,7 @@
 		doreg ? "adding" : "removing",
 		(unsigned int)msg_flags ));
 
-	if (!(rec = connections_fetch_entry(NULL, NULL, NULL))) {
+	if (!(rec = connections_fetch_entry(NULL, NULL, ""))) {
 		DEBUG(0, ("connections_fetch_entry failed\n"));
 		return False;
 	}
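Review bot: The third argument of connections_fetch_entry() still has an undocumented, unenforced non-NULL requirement: passing `""` here avoids the NULL-source strlcpy crash named in the log only at this one call site. The callee's body is not visible on this page, but any other caller that passes NULL for the name would presumably fail the same way. I would add a comment at this call, `/* name must not be NULL: connections_fetch_entry() copies it with strlcpy() */`, and consider a guard inside connections_fetch_entry() so the contract is checked in one place. The same applies to the identical hunk at `@@ -179,7 +179,7 @@` in branches/SAMBA_3_2_0; the enclosing function starts above and continues below this hunk.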
@@ -225,17 +225,18 @@
 
 	status = rec->store(rec, rec->value, TDB_REPLACE);
 
-	TALLOC_FREE(rec);
-
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0,("register_message_flags: tdb_store failed: %s.\n",
 			 nt_errstr(status)));
+		TALLOC_FREE(rec);
 		return False;
 	}
 
 	DEBUG(10,("register_message_flags: new flags 0x%x\n",
 		(unsigned int)pcrec->bcast_msg_flags ));
 
+	TALLOC_FREE(rec);
+
 	return True;
 }
 
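Review bot: Nothing in the new code says why the success-path `TALLOC_FREE(rec)` must come after the final DEBUG, and the free is now repeated on two exit paths. pcrec is presumably a pointer into memory owned by rec (its assignment is above the hunk), which would be the use-after-free the log refers to. A comment before the last free, `/* pcrec points into rec's memory: free rec only after the last use of pcrec */`, would stop a later cleanup from hoisting the free back above the DEBUG. Copying `pcrec->bcast_msg_flags` into a local before a single `TALLOC_FREE(rec)` would remove both the duplication and the ordering dependency. The same applies to the identical hunk at `@@ -198,17 +198,18 @@` in branches/SAMBA_3_2_0; the function begins outside the hunk.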

Modified: branches/SAMBA_3_2_0/source/smbd/connection.c
===================================================================
--- branches/SAMBA_3_2_0/source/smbd/connection.c	2007-08-07 11:50:03 UTC (rev 24267)
+++ branches/SAMBA_3_2_0/source/smbd/connection.c	2007-08-07 13:10:21 UTC (rev 24268)
@@ -179,7 +179,7 @@
 		doreg ? "adding" : "removing",
 		(unsigned int)msg_flags ));
 
-	if (!(rec = connections_fetch_entry(NULL, NULL, NULL))) {
+	if (!(rec = connections_fetch_entry(NULL, NULL, ""))) {
 		DEBUG(0, ("connections_fetch_entry failed\n"));
 		return False;
 	}
@@ -198,17 +198,18 @@
 
 	status = rec->store(rec, rec->value, TDB_REPLACE);
 
-	TALLOC_FREE(rec);
-
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0,("register_message_flags: tdb_store failed: %s.\n",
 			 nt_errstr(status)));
+		TALLOC_FREE(rec);
 		return False;
 	}
 
 	DEBUG(10,("register_message_flags: new flags 0x%x\n",
 		(unsigned int)pcrec->bcast_msg_flags ));
 
+	TALLOC_FREE(rec);
+
 	return True;
 }
 


