[SCM] Samba Shared Repository - branch master updated

Simo Sorce idra at samba.org
Mon Jun 7 15:26:27 MDT 2010


The branch, master has been updated
       via  5da783f... s3:smbd add utility function to check if there are open pipes
       via  f9fc4df... s3:rpc make num_pipe_handles get an actual pipe as argument
       via  22e9015... s3:rpc handles are used by all pipes, use better name
       via  f7e2e83... s3:rpc fix potential out of bound memory access
      from  711a30a... s3: fix build on platforms without st_blocks and st_blksize stat struct members

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5da783f4a79ee0a927f2483ae20b691074bb3007
Author: Simo Sorce <ssorce at redhat.com>
Date:   Mon Jun 7 14:08:05 2010 -0400

    s3:smbd add utility function to check if there are open pipes

commit f9fc4df0c0a6401d185b057c17d6b30ef549b3d0
Author: Simo Sorce <ssorce at redhat.com>
Date:   Mon Jun 7 16:02:14 2010 -0400

    s3:rpc make num_pipe_handles get an actual pipe as argument
    
    Let the function abstract out how handles are counted

commit 22e9015e975096acf075240cc7d33f12c7c77395
Author: Simo Sorce <ssorce at redhat.com>
Date:   Sun Jun 6 16:33:28 2010 -0400

    s3:rpc handles are used by all pipes, use better name

commit f7e2e8370bfa91ad8dbd9de4f69bf1cfe0947573
Author: Simo Sorce <ssorce at redhat.com>
Date:   Mon Jun 7 15:07:38 2010 -0400

    s3:rpc fix potential out of bound memory access
    
    memcpy copies the full length unconditionally, and in some cases we are
    passing "" here, so it reads past the end of the source string.
    Use strncpy, which stops reading from src once the null byte is found and
    fills the rest of the destination with nulls.

-----------------------------------------------------------------------

Summary of changes:
 source3/Makefile.in                                |    2 +-
 source3/include/proto.h                            |    5 +++--
 .../rpc_server/{srv_lsa_hnd.c => rpc_handles.c}    |    6 +++---
 source3/rpc_server/rpc_ncacn_np_internal.c         |   14 +++++++++++++-
 source3/rpc_server/srv_spoolss_nt.c                |    2 +-
 source3/smbd/conn.c                                |   11 +++--------
 6 files changed, 24 insertions(+), 16 deletions(-)
 rename source3/rpc_server/{srv_lsa_hnd.c => rpc_handles.c} (99%)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index d9e4ec5..8e2c003 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -654,7 +654,7 @@ RPC_EVENTLOG_OBJ = rpc_server/srv_eventlog_nt.o \
 NPA_TSTREAM_OBJ = ../libcli/named_pipe_auth/npa_tstream.o
 
 RPC_NCACN_NP_INTERNAL = rpc_server/srv_pipe_register.o rpc_server/rpc_ncacn_np_internal.o \
-			rpc_server/srv_lsa_hnd.o
+			rpc_server/rpc_handles.o
 
 RPC_PIPE_OBJ = rpc_server/srv_pipe.o rpc_server/srv_pipe_hnd.o \
 	       $(RPC_NCACN_NP_INTERNAL)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9582884..2f68f0e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5152,9 +5152,9 @@ bool smb_io_rpc_hdr_auth(const char *desc, RPC_HDR_AUTH *rai, prs_struct *ps, in
 
 /* The following definitions come from rpc_server/srv_eventlog_nt.c  */
 
-/* The following definitions come from rpc_server/srv_lsa_hnd.c  */
+/* The following definitions come from rpc_server/rpc_handles.c  */
 
-size_t num_pipe_handles(struct handle_list *list);
+size_t num_pipe_handles(pipes_struct *p);
 bool init_pipe_handle_list(pipes_struct *p,
 			   const struct ndr_syntax_id *syntax);
 bool create_policy_hnd(pipes_struct *p, struct policy_handle *hnd, void *data_ptr);
@@ -5208,6 +5208,7 @@ bool api_pipe_request(pipes_struct *p);
 
 pipes_struct *get_first_internal_pipe(void);
 pipes_struct *get_next_internal_pipe(pipes_struct *p);
+bool check_open_pipes(void);
 
 bool fsp_is_np(struct files_struct *fsp);
 struct tsocket_address;
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/rpc_handles.c
similarity index 99%
rename from source3/rpc_server/srv_lsa_hnd.c
rename to source3/rpc_server/rpc_handles.c
index 7cc1b43..fa4100f 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -62,12 +62,12 @@ static bool is_samr_lsa_pipe(const struct ndr_syntax_id *syntax)
 		|| ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id));
 }
 
-size_t num_pipe_handles(struct handle_list *list)
+size_t num_pipe_handles(pipes_struct *p)
 {
-	if (list == NULL) {
+	if (p->pipe_handles == NULL) {
 		return 0;
 	}
-	return list->count;
+	return p->pipe_handles->count;
 }
 
 /****************************************************************************
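Review bot: num_pipe_handles() now dereferences `p` before any NULL test, whereas the old version accepted a NULL argument and returned 0. The callers visible in this changeset pass a non-NULL pipe, but the prototype is exported through proto.h, so keeping the tolerant contract costs one comparison: `if (p == NULL || p->pipe_handles == NULL) {`. The function only reads through the pointer, so the parameter could also be declared `const pipes_struct *p`.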
diff --git a/source3/rpc_server/rpc_ncacn_np_internal.c b/source3/rpc_server/rpc_ncacn_np_internal.c
index 6002489..18251c6 100644
--- a/source3/rpc_server/rpc_ncacn_np_internal.c
+++ b/source3/rpc_server/rpc_ncacn_np_internal.c
@@ -68,6 +68,18 @@ static void free_pipe_rpc_context_internal( PIPE_RPC_FNS *list )
 	return;
 }
 
+bool check_open_pipes(void)
+{
+	pipes_struct *p;
+
+	for (p = InternalPipes; p != NULL; p = p->next) {
+		if (num_pipe_handles(p) != 0) {
+			return true;
+		}
+	}
+	return false;
+}
+
 /****************************************************************************
  Close an rpc pipe.
 ****************************************************************************/
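Review bot: check_open_pipes() is added without the banner comment that the neighbouring functions in this file carry, and its name does not say what a true result means. It returns true as soon as any pipe on the InternalPipes list reports a non-zero handle count, so it tests for open handles rather than open pipes. A comment above the definition such as `Return true if any internal pipe still has open handles.` would let the conn_idle_all() call site be read without opening this file.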
@@ -159,7 +171,7 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
 
 	DLIST_ADD(InternalPipes, p);
 
-	memcpy(p->client_address, client_address, sizeof(p->client_address));
+	strlcpy(p->client_address, client_address, sizeof(p->client_address));
 
 	p->endian = RPC_LITTLE_ENDIAN;
 
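Review bot: The new call on the `p->client_address` line is strlcpy(), not the strncpy() the commit message describes, and the two differ in the property the message relies on: strlcpy() stops at the terminator and NUL-terminates, but does not fill the rest of the destination with nulls. Whether the tail of `p->client_address` is zero therefore depends on how `p` was allocated, which is outside this hunk; confirm the struct is zero-initialised if the field is ever copied or compared by its full size. strlcpy() also truncates silently, so an over-long address would be stored shortened unless the return value is checked, e.g. `if (strlcpy(p->client_address, client_address, sizeof(p->client_address)) >= sizeof(p->client_address)) { /* handle truncation */ }`. make_internal_rpc_pipe_p() starts and ends outside the hunk, so it is not visible whether `client_address` can be NULL here.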
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 104efdc..8ebc7fa 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -593,7 +593,7 @@ static bool open_printer_hnd(pipes_struct *p, struct policy_handle *hnd,
 	new_printer->access_granted = access_granted;
 
 	DEBUG(5, ("%d printer handles active\n",
-		  (int)num_pipe_handles(p->pipe_handles)));
+		  (int)num_pipe_handles(p)));
 
 	return true;
 }
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index afb7a7f..707f6c4 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -213,7 +213,6 @@ bool conn_close_all(struct smbd_server_connection *sconn)
 bool conn_idle_all(struct smbd_server_connection *sconn,time_t t)
 {
 	int deadtime = lp_deadtime()*60;
-	pipes_struct *plist = NULL;
 	connection_struct *conn;
 
 	if (deadtime <= 0)
@@ -243,14 +242,10 @@ bool conn_idle_all(struct smbd_server_connection *sconn,time_t t)
 	 * Check all pipes for any open handles. We cannot
 	 * idle with a handle open.
 	 */
-
-	for (plist = get_first_internal_pipe(); plist;
-	     plist = get_next_internal_pipe(plist)) {
-		if (num_pipe_handles(plist->pipe_handles) != 0) {
-			return False;
-		}
+	if (check_open_pipes()) {
+		return False;
 	}
-	
+
 	return True;
 }
 


-- 
Samba Shared Repository

