[SCM] Samba Shared Repository - branch v3-2-stable updated -
release-3-2-0rc2-34-g2dc66cb
Karolin Seeger
kseeger at samba.org
Tue Jun 17 14:35:52 GMT 2008
The branch, v3-2-stable has been updated
via 2dc66cb5813ef138ccea70fd7b9c9599a893e33a (commit)
via e41d7aa1d5bacf4ed95fb4a6be801db0aa1b15dd (commit)
via 067ab1f0f8b5829922586da4d5bb0ae9f181e9dc (commit)
via 962dd1d88156bc91604f156a1a4f248554dc3694 (commit)
from a36269082df58f7894f9c49596cf0b2bb6809b70 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -----------------------------------------------------------------
commit 2dc66cb5813ef138ccea70fd7b9c9599a893e33a
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 17 16:06:42 2008 +0200
Fix a memleak in svcctl_init_keys()
(cherry picked from commit 675bb53398ba29c53d2dcf3c7122cf4770c2f938)
commit e41d7aa1d5bacf4ed95fb4a6be801db0aa1b15dd
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 17 14:53:07 2008 +0200
Fix a segfault in wbcLookupSid
If the BAIL_ON_WBC_ERROR directly after wbcRequestResponse kicks in, *domain
and *name have not been initialized yet. So the cleanup routine in the done:
part of the routine (which did not check for domain!=NULL etc) would access
uninitialized memory.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 3d7e0cc40b1992f4555807acec4f00450e30e2de)
commit 067ab1f0f8b5829922586da4d5bb0ae9f181e9dc
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 17 15:17:22 2008 +0200
Fix a segfault in wbcLookupRids
The done: part could access uninitialized memory if intermediate
BAIL_ON_WBC_ERROR fire.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 31f4c33dcc744e81be54389756378e25aa2bb75e)
commit 962dd1d88156bc91604f156a1a4f248554dc3694
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 17 14:31:07 2008 +0200
Replace a very unusual variable declaration by a more conventional one
(cherry picked from commit b37030644e32249706d431ad93881d540f351c50)
-----------------------------------------------------------------------
Summary of changes:
source/nsswitch/libwbclient/wbc_sid.c | 87 +++++++++++++++++++--------------
source/services/services_db.c | 11 ++++-
2 files changed, 61 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/libwbclient/wbc_sid.c b/source/nsswitch/libwbclient/wbc_sid.c
index deec8e5..b090926 100644
--- a/source/nsswitch/libwbclient/wbc_sid.c
+++ b/source/nsswitch/libwbclient/wbc_sid.c
@@ -59,7 +59,7 @@ wbcErr wbcSidToString(const struct wbcDomainSid *sid,
BAIL_ON_PTR_ERROR(tmp, wbc_status);
for (i=0; i<sid->num_auths; i++) {
- char *tmp2 =
+ char *tmp2;
tmp2 = talloc_asprintf_append(tmp, "-%u", sid->sub_auths[i]);
BAIL_ON_PTR_ERROR(tmp2, wbc_status);
@@ -228,14 +228,17 @@ wbcErr wbcLookupName(const char *domain,
**/
wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
- char **domain,
- char **name,
- enum wbcSidType *name_type)
+ char **pdomain,
+ char **pname,
+ enum wbcSidType *pname_type)
{
struct winbindd_request request;
struct winbindd_response response;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
char *sid_string = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ enum wbcSidType name_type;
if (!sid) {
wbc_status = WBC_ERR_INVALID_PARAM;
@@ -264,28 +267,35 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
/* Copy out result */
- if (domain != NULL) {
- *domain = talloc_strdup(NULL, response.data.name.dom_name);
- BAIL_ON_PTR_ERROR((*domain), wbc_status);
- }
+ domain = talloc_strdup(NULL, response.data.name.dom_name);
+ BAIL_ON_PTR_ERROR(domain, wbc_status);
- if (name != NULL) {
- *name = talloc_strdup(NULL, response.data.name.name);
- BAIL_ON_PTR_ERROR((*name), wbc_status);
- }
+ name = talloc_strdup(NULL, response.data.name.name);
+ BAIL_ON_PTR_ERROR(name, wbc_status);
- if (name_type) {
- *name_type = (enum wbcSidType)response.data.name.type;
- }
+ name_type = (enum wbcSidType)response.data.name.type;
wbc_status = WBC_ERR_SUCCESS;
done:
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- if (*domain)
- talloc_free(*domain);
- if (*name)
- talloc_free(*name);
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (pdomain != NULL) {
+ *pdomain = domain;
+ }
+ if (pname != NULL) {
+ *pname = name;
+ }
+ if (pname_type != NULL) {
+ *pname_type = name_type;
+ }
+ }
+ else {
+ if (name != NULL) {
+ talloc_free(name);
+ }
+ if (domain != NULL) {
+ talloc_free(domain);
+ }
}
return wbc_status;
@@ -299,8 +309,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
int num_rids,
uint32_t *rids,
const char **pp_domain_name,
- const char ***names,
- enum wbcSidType **types)
+ const char ***pnames,
+ enum wbcSidType **ptypes)
{
size_t i, len, ridbuf_size;
char *ridlist;
@@ -309,6 +319,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
struct winbindd_response response;
char *sid_string = NULL;
char *domain_name = NULL;
+ const char **names = NULL;
+ enum wbcSidType *types = NULL;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
/* Initialise request */
@@ -360,11 +372,11 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
domain_name = talloc_strdup(NULL, response.data.domain_name);
BAIL_ON_PTR_ERROR(domain_name, wbc_status);
- *names = talloc_array(NULL, const char*, num_rids);
- BAIL_ON_PTR_ERROR((*names), wbc_status);
+ names = talloc_array(NULL, const char*, num_rids);
+ BAIL_ON_PTR_ERROR(names, wbc_status);
- *types = talloc_array(NULL, enum wbcSidType, num_rids);
- BAIL_ON_PTR_ERROR((*types), wbc_status);
+ types = talloc_array(NULL, enum wbcSidType, num_rids);
+ BAIL_ON_PTR_ERROR(types, wbc_status);
p = (char *)response.extra_data.data;
@@ -376,7 +388,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
BAIL_ON_WBC_ERROR(wbc_status);
}
- (*types)[i] = (enum wbcSidType)strtoul(p, &q, 10);
+ types[i] = (enum wbcSidType)strtoul(p, &q, 10);
if (*q != ' ') {
wbc_status = WBC_ERR_INVALID_RESPONSE;
@@ -392,8 +404,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
*q = '\0';
- (*names)[i] = talloc_strdup((*names), p);
- BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status);
+ names[i] = talloc_strdup(names, p);
+ BAIL_ON_PTR_ERROR(names[i], wbc_status);
p = q+1;
}
@@ -410,15 +422,18 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
free(response.extra_data.data);
}
- if (!WBC_ERROR_IS_OK(wbc_status)) {
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ *pp_domain_name = domain_name;
+ *pnames = names;
+ *ptypes = types;
+ }
+ else {
if (domain_name)
talloc_free(domain_name);
- if (*names)
- talloc_free(*names);
- if (*types)
- talloc_free(*types);
- } else {
- *pp_domain_name = domain_name;
+ if (names)
+ talloc_free(names);
+ if (types)
+ talloc_free(types);
}
return wbc_status;
diff --git a/source/services/services_db.c b/source/services/services_db.c
index 620b036..ae9fe1a 100644
--- a/source/services/services_db.c
+++ b/source/services/services_db.c
@@ -447,15 +447,22 @@ void svcctl_init_keys( void )
REGSUBKEY_CTR *subkeys;
REGISTRY_KEY *key = NULL;
WERROR wresult;
+ struct nt_user_token *token = get_root_nt_token();
+
+ if (token == NULL) {
+ DEBUG(0, ("svcctl_init_keys: get_root_nt_token failed\n"));
+ return;
+ }
/* bad mojo here if the lookup failed. Should not happen */
wresult = regkey_open_internal( NULL, &key, KEY_SERVICES,
- get_root_nt_token(), REG_KEY_ALL );
+ token, REG_KEY_ALL );
if ( !W_ERROR_IS_OK(wresult) ) {
DEBUG(0,("svcctl_init_keys: key lookup failed! (%s)\n",
dos_errstr(wresult)));
+ TALLOC_FREE(token);
return;
}
@@ -464,6 +471,7 @@ void svcctl_init_keys( void )
if ( !(subkeys = TALLOC_ZERO_P( key, REGSUBKEY_CTR )) ) {
DEBUG(0,("svcctl_init_keys: talloc() failed!\n"));
TALLOC_FREE( key );
+ TALLOC_FREE(token);
return;
}
@@ -486,6 +494,7 @@ void svcctl_init_keys( void )
}
TALLOC_FREE( key );
+ TALLOC_FREE(token);
/* initialize the control hooks */
--
Samba Shared Repository
More information about the samba-cvs
mailing list