[SCM] Samba Shared Repository - branch v3-5-test updated

Karolin Seeger kseeger at samba.org
Thu Nov 3 13:52:31 MDT 2011


The branch, v3-5-test has been updated
       via  b7bc7cd s3:rpc_server/srv_netlogon: make sure we don't use an unitialized variable
       via  bb7d9fd libcli/auth: only expose creds to the caller on success
       via  b6c3195 libcli/auth: debug the given computer name creds might be NULL
      from  9a92f84 WHATSNEW: Start release notes for 3.5.13.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit b7bc7cd98a8dbf77275d2a6f31be6798b362a1cf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 2 10:58:26 2011 +0100

    s3:rpc_server/srv_netlogon: make sure we don't use an unitialized variable
    
    metze
    
    The last 3 patches address bug #8562 (talloc: double free error).

commit bb7d9fd886723e78680670ef4b0010e76f94ea80
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 2 10:57:09 2011 +0100

    libcli/auth: only expose creds to the caller on success
    
    metze

commit b6c3195a5a08808c8cf6a6ae3099bf534ddd36a8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 2 10:55:27 2011 +0100

    libcli/auth: debug the given computer name creds might be NULL
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/schannel_state_tdb.c   |    9 +++++----
 source3/rpc_server/srv_netlog_nt.c |   12 ++++++++++--
 2 files changed, 15 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 7ec8b3f..eded80f 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -169,7 +169,7 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
 					      struct netr_Authenticator *return_authenticator,
 					      struct netlogon_creds_CredentialState **creds_out)
 {
-	struct netlogon_creds_CredentialState *creds;
+	struct netlogon_creds_CredentialState *creds = NULL;
 	NTSTATUS status;
 	int ret;
 
@@ -193,7 +193,8 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
 	if (schannel_required_for_call && !schannel_in_use) {
 		DEBUG(0,("schannel_creds_server_step_check_tdb: "
 			"client %s not using schannel for netlogon, despite negotiating it\n",
-			creds->computer_name ));
+			computer_name));
+		TALLOC_FREE(creds);
 		tdb_transaction_cancel(tdb);
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -211,12 +212,12 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
 	if (NT_STATUS_IS_OK(status)) {
 		tdb_transaction_commit(tdb);
 		if (creds_out) {
-			*creds_out = creds;
-			talloc_steal(mem_ctx, creds);
+			*creds_out = talloc_move(mem_ctx, &creds);
 		}
 	} else {
 		tdb_transaction_cancel(tdb);
 	}
 
+	TALLOC_FREE(creds);
 	return status;
 }
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 1ebe361..972d902 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -977,7 +977,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 				  struct netr_ServerPasswordSet2 *r)
 {
 	NTSTATUS status;
-	struct netlogon_creds_CredentialState *creds;
+	struct netlogon_creds_CredentialState *creds = NULL;
 	struct samu *sampass;
 	DATA_BLOB plaintext;
 	struct samr_CryptPassword password_buf;
@@ -992,9 +992,15 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(status)) {
+		const char *computer_name = "<unknown>";
+
+		if (creds && creds->computer_name) {
+			computer_name = creds->computer_name;
+		}
+
 		DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
 			"failed. Rejecting auth request from client %s machine account %s\n",
-			r->in.computer_name, creds->computer_name));
+			r->in.computer_name, computer_name));
 		TALLOC_FREE(creds);
 		return status;
 	}
@@ -1004,6 +1010,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 	netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
 
 	if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
+		TALLOC_FREE(creds);
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
@@ -1012,6 +1019,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 	status = netr_find_machine_account(p->mem_ctx,
 					   creds->account_name,
 					   &sampass);
+	TALLOC_FREE(creds);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}


-- 
Samba Shared Repository


More information about the samba-cvs mailing list