[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Mon Nov 4 04:31:02 MST 2013


The branch, master has been updated
       via  e2d6431 s3:rpc_server: rpc_create_tcpip_sockets() may leak talloc_stackframe on failure
       via  7306253 s3:rpcclient: fix a leaked talloc_stackframe in cmd_epmapper
       via  412af28 s3:rpc_client: fix a leaked talloc_stackframe
       via  d4a5c83 smbd: Invalidate the session correctly.
      from  8a50509 s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an originating add operation

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e2d6431cd4d3dee6a777e6c1063b42b8a0fa0cef
Author: Gregor Beck <gbeck at sernet.de>
Date:   Fri Nov 1 09:02:48 2013 +0100

    s3:rpc_server: rpc_create_tcpip_sockets() may leak talloc_stackframe on failure
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241
    
    Signed-off-by: Gregor Beck <gbeck at sernet.de>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Nov  4 12:30:27 CET 2013 on sn-devel-104

commit 73062533e0cf5adddafed637327455ae52cab486
Author: Gregor Beck <gbeck at sernet.de>
Date:   Fri Nov 1 08:59:53 2013 +0100

    s3:rpcclient: fix a leaked talloc_stackframe in cmd_epmapper
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241
    
    Signed-off-by: Gregor Beck <gbeck at sernet.de>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 412af28e1e7bb6939b0c6c7fddbc3e992fad4ca1
Author: Gregor Beck <gbeck at sernet.de>
Date:   Fri Nov 1 08:54:27 2013 +0100

    s3:rpc_client: fix a leaked talloc_stackframe
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10241
    
    Signed-off-by: Gregor Beck <gbeck at sernet.de>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit d4a5c832f1806a9c664d52a34ea1a24eb370fa89
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Sep 23 14:10:27 2013 -0700

    smbd: Invalidate the session correctly.
    
    When a session is invalidated then we must also ensure it isn't used in
    any pending requests being processed.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_client/cli_pipe.c        |    3 ++-
 source3/rpc_server/rpc_sock_helper.c |   15 +++++++++------
 source3/rpcclient/cmd_epmapper.c     |   12 +++++++-----
 source3/smbd/smb2_sesssetup.c        |   23 +++++++++++++++++++++++
 4 files changed, 41 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 48ed92c..1342354 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2301,7 +2301,8 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
 	if (ndr_syntax_id_equal(&table->syntax_id,
 				&ndr_table_epmapper.syntax_id)) {
 		*pport = 135;
-		return NT_STATUS_OK;
+		status = NT_STATUS_OK;
+		goto done;
 	}
 
 	/* open the connection to the endpoint mapper */
diff --git a/source3/rpc_server/rpc_sock_helper.c b/source3/rpc_server/rpc_sock_helper.c
index 650dd9d..8f371b8 100644
--- a/source3/rpc_server/rpc_sock_helper.c
+++ b/source3/rpc_server/rpc_sock_helper.c
@@ -142,7 +142,7 @@ NTSTATUS rpc_create_tcpip_sockets(const struct ndr_interface_table *iface,
 									p);
 				if (!NT_STATUS_IS_OK(status)) {
 					close(fd);
-					return status;
+					goto done;
 				}
 			}
 		}
@@ -201,13 +201,15 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
 								       sizeof(struct sockaddr_storage),
 								       &bind_addr);
 				if (rc < 0) {
-					return NT_STATUS_NO_MEMORY;
+					status = NT_STATUS_NO_MEMORY;
+					goto done;
 				}
 
 				addr = tsocket_address_inet_addr_string(bind_addr,
 									tmp_ctx);
 				if (addr == NULL) {
-					return NT_STATUS_NO_MEMORY;
+					status = NT_STATUS_NO_MEMORY;
+					goto done;
 				}
 
 				status = dcerpc_binding_vector_add_port(iface,
@@ -215,7 +217,7 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
 									addr,
 									p);
 				if (!NT_STATUS_IS_OK(status)) {
-					return status;
+					goto done;
 				}
 			}
 		}
@@ -247,7 +249,8 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
 							    &ss,
 							    port);
 			if (p == 0) {
-				return NT_STATUS_UNSUCCESSFUL;
+				status = NT_STATUS_UNSUCCESSFUL;
+				goto done;
 			}
 
 			if (bvec != NULL) {
@@ -256,7 +259,7 @@ NTSTATUS rpc_setup_tcpip_sockets(struct tevent_context *ev_ctx,
 									sock_tok,
 									p);
 				if (!NT_STATUS_IS_OK(status)) {
-					return status;
+					goto done;
 				}
 			}
 		}
diff --git a/source3/rpcclient/cmd_epmapper.c b/source3/rpcclient/cmd_epmapper.c
index fc844f9..68fa701 100644
--- a/source3/rpcclient/cmd_epmapper.c
+++ b/source3/rpcclient/cmd_epmapper.c
@@ -51,7 +51,7 @@ static NTSTATUS cmd_epmapper_map(struct rpc_pipe_client *p,
 	if (!NT_STATUS_IS_OK(status)) {
 		d_fprintf(stderr, "dcerpc_binding_build_tower returned %s\n",
 			  nt_errstr(status));
-		return status;
+		goto done;
 	}
 
 	ZERO_STRUCT(towers);
@@ -64,13 +64,14 @@ static NTSTATUS cmd_epmapper_map(struct rpc_pipe_client *p,
 	if (!NT_STATUS_IS_OK(status)) {
 		d_fprintf(stderr, "dcerpc_epm_Map returned %s\n",
 			  nt_errstr(status));
-		return status;
+		goto done;
 	}
 
 	if (result != EPMAPPER_STATUS_OK) {
 		d_fprintf(stderr, "epm_Map returned %u (0x%08X)\n",
 			  result, result);
-		return NT_STATUS_UNSUCCESSFUL;
+		status = NT_STATUS_UNSUCCESSFUL;
+		goto done;
 	}
 
 	d_printf("num_tower[%u]\n", num_towers);
@@ -91,8 +92,9 @@ static NTSTATUS cmd_epmapper_map(struct rpc_pipe_client *p,
 
 		d_printf("tower[%u] %s\n", i, dcerpc_binding_string(tmp_ctx, binding));
 	}
-
-	return NT_STATUS_OK;
+done:
+	TALLOC_FREE(tmp_ctx);
+	return status;
 }
 
 static NTSTATUS cmd_epmapper_lookup(struct rpc_pipe_client *p,
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index dd243c9..cb8f847 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -457,6 +457,8 @@ static int pp_self_ref_destructor(struct smbd_smb2_session_setup_state **pp_stat
 
 static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_setup_state *state)
 {
+	struct smbd_smb2_request *preq;
+
 	/*
 	 * If state->session is not NULL,
 	 * we move the session from the session table to the request on failure
@@ -471,6 +473,27 @@ static int smbd_smb2_session_setup_state_destructor(struct smbd_smb2_session_set
 	state->session->status = NT_STATUS_USER_SESSION_DELETED;
 	state->smb2req->session = talloc_move(state->smb2req, &state->session);
 
+	/*
+	 * We've made this session owned by the current request.
+	 * Ensure that any outstanding requests don't also refer
+	 * to it.
+	 */
+
+	for (preq = state->smb2req->sconn->smb2.requests; preq != NULL; preq = preq->next) {
+		if (preq == state->smb2req) {
+			continue;
+		}
+		if (preq->session == state->smb2req->session) {
+			preq->session = NULL;
+			/*
+			 * If we no longer have a session we can't
+			 * sign or encrypt replies.
+			 */
+			preq->do_signing = false;
+			preq->do_encryption = false;
+		}
+	}
+
 	return 0;
 }
 


-- 
Samba Shared Repository


More information about the samba-cvs mailing list