[SCM] Samba Shared Repository - branch master updated

Andrew Tridgell tridge at samba.org
Mon Dec 7 18:39:59 MST 2009 

The branch, master has been updated
       via  978dc61... s4-selftest: don't consider spoolss failures to be an error in s4
       via  f1d9382... s4/smbstreams: Fix memory use after free.
       via  bf7cc32... krb5: Fix leaked hx509_context pointer
       via  4653d05... tdr-test: Fix 'push_charset' test
       via  8efabcc... talloc: Fix write behind memory block
      from  105eb95... s4 quicktest: exclude raw-streams from quicktest until bug is fixed

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 978dc61b5682a9a3cc27474f22b94ea9745ad838
Author: Andrew Tridgell <tridge at samba.org>
Date:   Tue Dec 8 12:37:17 2009 +1100

    s4-selftest: don't consider spoolss failures to be an error in s4

commit f1d9382b18fbf4b9428759cdeea3894b7871e236
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date:   Sun Dec 6 01:59:42 2009 +0200

    s4/smbstreams: Fix memory use after free.
    
    The bug is that sometimes 'streams' is parent for 'new_name'.
    With this said, 'new_name' must be dupped before 'streams'
    pointer is freed.
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit bf7cc3262e3cbd72a3603d3c648fccfe7ce9829f
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date:   Sun Dec 6 04:05:45 2009 +0200

    krb5: Fix leaked hx509_context pointer
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit 4653d05fef15944e550fafe7c31961dbf007fd95
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date:   Sun Dec 6 03:18:11 2009 +0200

    tdr-test: Fix 'push_charset' test
    
    4 bytes of 'bloe' string are pushed, so we should
    check only for the first 4 caracters
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

commit 8efabcc8a5dcd83deed8ef8e17826a1d347e6d83
Author: Kamen Mazdrashki <kamen.mazdrashki at postpath.com>
Date:   Sat Dec 5 21:44:15 2009 +0200

    talloc: Fix write behind memory block
    
    If ALWASY_REALLOC is defined and we are to 'shrink' memory block,
    memcpy() will write outside memory just allocated.
    
    Signed-off-by: Andrew Tridgell <tridge at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/talloc/talloc.c                |    2 +-
 lib/tdr/testsuite.c                |    2 +-
 source4/heimdal/lib/krb5/context.c |    4 ++++
 source4/ntvfs/posix/pvfs_streams.c |   12 ++++++++----
 source4/selftest/knownfail         |    2 +-
 5 files changed, 15 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 7beda4b..f7b1ac3 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -1184,7 +1184,7 @@ void *_talloc_realloc(const void *context, void *ptr, size_t size, const char *n
 #if ALWAYS_REALLOC
 	new_ptr = malloc(size + TC_HDR_SIZE);
 	if (new_ptr) {
-		memcpy(new_ptr, tc, tc->size + TC_HDR_SIZE);
+		memcpy(new_ptr, tc, MIN(tc->size, size) + TC_HDR_SIZE);
 		free(tc);
 	}
 #else
diff --git a/lib/tdr/testsuite.c b/lib/tdr/testsuite.c
index 36bb164..ca76b52 100644
--- a/lib/tdr/testsuite.c
+++ b/lib/tdr/testsuite.c
@@ -154,7 +154,7 @@ static bool test_push_charset(struct torture_context *tctx)
 	torture_assert_ntstatus_ok(tctx, tdr_push_charset(tdr, &l, 4, 1, CH_UTF8), 
 							   "push failed");
 	torture_assert_int_equal(tctx, 4, tdr->data.length, "offset invalid");
-	torture_assert(tctx, strcmp("bloe", (const char *)tdr->data.data) == 0, "right string push");
+	torture_assert(tctx, strncmp("bloe", (const char *)tdr->data.data, 4) == 0, "right string push");
 
 	torture_assert_ntstatus_ok(tctx, tdr_push_charset(tdr, &l, -1, 1, CH_UTF8), 
 							   "push failed");
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index 79e1000..12fc676 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -474,6 +474,10 @@ krb5_free_context(krb5_context context)
     krb5_set_ignore_addresses(context, NULL);
     krb5_set_send_to_kdc_func(context, NULL, NULL);
 
+#ifdef PKINIT
+    hx509_context_free(&context->hx509ctx);
+#endif
+
     HEIMDAL_MUTEX_destroy(context->mutex);
     free(context->mutex);
 
diff --git a/source4/ntvfs/posix/pvfs_streams.c b/source4/ntvfs/posix/pvfs_streams.c
index 4da9543..cacd8c1 100644
--- a/source4/ntvfs/posix/pvfs_streams.c
+++ b/source4/ntvfs/posix/pvfs_streams.c
@@ -304,11 +304,15 @@ NTSTATUS pvfs_stream_rename(struct pvfs_state *pvfs, struct pvfs_filename *name,
 	}
 
 	status = pvfs_streams_save(pvfs, name, fd, streams);
-	talloc_free(streams);
 
-	/* update the in-memory copy of the name of the open file */
-	talloc_free(name->stream_name);
-	name->stream_name = talloc_strdup(name, new_name);
+	if (NT_STATUS_IS_OK(status)) {
+
+		/* update the in-memory copy of the name of the open file */
+		talloc_free(name->stream_name);
+		name->stream_name = talloc_strdup(name, new_name);
+
+		talloc_free(streams);
+	}
 
 	return status;
 }
diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail
index 22fc4a1..9d52df1 100644
--- a/source4/selftest/knownfail
+++ b/source4/selftest/knownfail
@@ -41,7 +41,7 @@ rpc.netlogon.*.ServerGetTrustInfo
 rpc.netlogon.*.GetDomainInfo # Also fails against W2K8 (but in a different way)
 samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet
 samba4.rpc.samr.users.privileges
-samba4.rpc.spoolss.printer # Not provided by Samba 4 yet
+samba4.rpc.spoolss # Not provided by Samba 4 yet
 base.charset.*.Testing partial surrogate
 .*net.api.delshare.*				# DelShare isn't implemented yet
 rap.*netservergetinfo


-- 
Samba Shared Repository

More information about the samba-cvs mailing list