[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Mon Nov 4 04:31:02 MST 2013
The branch, master has been updated
via e2d6431 s3:rpc_server: rpc_create_tcpip_sockets() may leak talloc_stackframe on failure
via 7306253 s3:rpcclient: fix a leaked talloc_stackframe in cmd_epmapper
via 412af28 s3:rpc_client: fix a leaked talloc_stackframe
via d4a5c83 smbd: Invalidate the session correctly.
from 8a50509 s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an originating add operation
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e2d6431cd4d3dee6a777e6c1063b42b8a0fa0cef
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Nov 1 09:02:48 2013 +0100
s3:rpc_server: rpc_create_tcpip_sockets() may leak talloc_stackframe on failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Nov 4 12:30:27 CET 2013 on sn-devel-104
commit 73062533e0cf5adddafed637327455ae52cab486
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Nov 1 08:59:53 2013 +0100
s3:rpcclient: fix a leaked talloc_stackframe in cmd_epmapper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 412af28e1e7bb6939b0c6c7fddbc3e992fad4ca1
Author: Gregor Beck <gbeck at sernet.de>
Date: Fri Nov 1 08:54:27 2013 +0100
s3:rpc_client: fix a leaked talloc_stackframe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241
Signed-off-by: Gregor Beck <gbeck at sernet.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d4a5c832f1806a9c664d52a34ea1a24eb370fa89
Author: Jeremy Allison <jra at samba.org>
Date: Mon Sep 23 14:10:27 2013 -0700
smbd: Invalidate the session correctly.
When a session is invalidated then we must also ensure it isn't used in
any pending requests being processed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_client/cli_pipe.c | 3 ++-
source3/rpc_server/rpc_sock_helper.c | 15 +++++++++------
source3/rpcclient/cmd_epmapper.c | 12 +++++++-----
source3/smbd/smb2_sesssetup.c | 23 +++++++++++++++++++++++
4 files changed, 41 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 48ed92c..1342354 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2301,7 +2301,8 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
if (ndr_syntax_id_equal(&table->syntax_id,
&ndr_table_epmapper.syntax_id)) {
*pport = 135;
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+ goto done;
}
/* open the connection to the endpoint mapper */
diff --git a/source3/rpc_server/rpc_sock_helper.c b/source3/rpc_server/rpc_sock_helper.c
index 650dd9d..8f371b8 100644
--- a/source3/rpc_server/rpc_sock_helper.c
+++ b/source3/rpc_server/rpc_sock_helper.c
@@ -142,7 +142,7 @@ NTSTATUS rpc_create_tcpip_sockets(const struct ndr_interface_table *iface,
p);
if (!NT_STATUS_IS_OK(status)) {
close(fd);
- return status;
+ goto done;
}
}
}
@@ -201,13 +201,15 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
sizeof(struct sockaddr_storage),
&bind_addr);
if (rc < 0) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
addr = tsocket_address_inet_addr_string(bind_addr,
tmp_ctx);
if (addr == NULL) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
status = dcerpc_binding_vector_add_port(iface,
@@ -215,7 +217,7 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
addr,
p);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
}
}
@@ -247,7 +249,8 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
&ss,
port);
if (p == 0) {
- return NT_STATUS_UNSUCCESSFUL;
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
if (bvec != NULL) {
@@ -256,7 +259,7 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
sock_tok,
p);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
}
}
diff --git a/source3/rpcclient/cmd_epmapper.c b/source3/rpcclient/cmd_epmapper.c
index fc844f9..68fa701 100644
--- a/source3/rpcclient/cmd_epmapper.c
+++ b/source3/rpcclient/cmd_epmapper.c
@@ -51,7 +51,7 @@ static NTSTATUS cmd_epmapper_map(struct rpc_pipe_client *p,
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "dcerpc_binding_build_tower returned %s\n",
nt_errstr(status));
- return status;
+ goto done;
}
ZERO_STRUCT(towers);
@@ -64,13 +64,14 @@ static NTSTATUS cmd_epmapper_map(struct rpc_pipe_client *p,
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "dcerpc_epm_Map returned %s\n",
nt_errstr(status));
- return status;
+ goto done;
}
if (result != EPMAPPER_STATUS_OK) {
d_fprintf(stderr, "epm_Map returned %u (0x%08X)\n",
result, result);
- return NT_STATUS_UNSUCCESSFUL;
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
}
d_printf("num_tower[%u]\n", num_towers);
@@ -91,8 +92,9 @@ static NTSTATUS cmd_epmapper_map(struct rpc_pipe_client *p,
d_printf("tower[%u] %s\n", i, dcerpc_binding_string(tmp_ctx, binding));
}
-
- return NT_STATUS_OK;
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
static NTSTATUS cmd_epmapper_lookup(struct rpc_pipe_client *p,
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index dd243c9..cb8f847 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -457,6 +457,8 @@ static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_stat
static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
{
+ struct smbd_smb2_request *preq;
+
/*
* If state->session is not NULL,
* we move the session from the session table to the request on failure
@@ -471,6 +473,27 @@ static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_set
state->session->status = NT_STATUS_USER_SESSION_DELETED;
state->smb2req->session = talloc_move(state->smb2req, &state->session);
+ /*
+ * We've made this session owned by the current request.
+ * Ensure that any outstanding requests don't also refer
+ * to it.
+ */
+
+ for (preq = state->smb2req->sconn->smb2.requests; preq != NULL; preq = preq->next) {
+ if (preq == state->smb2req) {
+ continue;
+ }
+ if (preq->session == state->smb2req->session) {
+ preq->session = NULL;
+ /*
+ * If we no longer have a session we can't
+ * sign or encrypt replies.
+ */
+ preq->do_signing = false;
+ preq->do_encryption = false;
+ }
+ }
+
return 0;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list