[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Thu Nov 7 10:59:02 MST 2013
The branch, master has been updated
via 27ca838 s4-lsa: Make sure we also duplicate the domain_name.
via 8ef055b s4-lsa: Add missing null checks in dcesrv_lsa_lookup_name().
via 0aa7395 s4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().
from 1c818d6 test_smbclient_tarmode.pl: remove unneccesary arg defaults
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 27ca838c082f080f53b6c8da153509f4f33b0ff6
Author: Andreas Schneider <asn at samba.org>
Date: Thu Nov 7 16:55:53 2013 +0100
s4-lsa: Make sure we also duplicate the domain_name.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Nov 7 18:58:44 CET 2013 on sn-devel-104
commit 8ef055bad502f59ee1243303637a5a5fe6dc0d5b
Author: Andreas Schneider <asn at samba.org>
Date: Thu Nov 7 15:57:51 2013 +0100
s4-lsa: Add missing null checks in dcesrv_lsa_lookup_name().
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 0aa73958f0679f8b7389295c4601903f3f8f3a53
Author: Andreas Schneider <asn at samba.org>
Date: Thu Nov 7 15:55:29 2013 +0100
s4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().
Pair-Programmed-With: Volker Lendecke <vl at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/rpc_server/lsa/lsa_lookup.c | 48 +++++++++++++++++++++++++++++-----
1 files changed, 41 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 07d5c2f..c9c07cf 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -284,6 +284,9 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
if (username == NULL) {
*authority_name = NAME_BUILTIN;
*sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
+ if (*sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
*rtype = SID_NAME_DOMAIN;
*rid = 0xFFFFFFFF;
return NT_STATUS_OK;
@@ -292,6 +295,9 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
if (strcasecmp_m(username, NAME_NT_AUTHORITY) == 0) {
*authority_name = NAME_NT_AUTHORITY;
*sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
+ if (*sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
*rtype = SID_NAME_DOMAIN;
dom_sid_split_rid(NULL, *sid, NULL, rid);
return NT_STATUS_OK;
@@ -299,25 +305,42 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
if (strcasecmp_m(username, NAME_BUILTIN) == 0) {
*authority_name = NAME_BUILTIN;
*sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN);
+ if (*sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
*rtype = SID_NAME_DOMAIN;
*rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
if (strcasecmp_m(username, state->domain_dns) == 0) {
- *authority_name = state->domain_name;
- *sid = state->domain_sid;
+ *authority_name = talloc_strdup(mem_ctx,
+ state->domain_name);
+ if (*authority_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *sid = dom_sid_dup(mem_ctx, state->domain_sid);
+ if (*sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
*rtype = SID_NAME_DOMAIN;
*rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
if (strcasecmp_m(username, state->domain_name) == 0) {
- *authority_name = state->domain_name;
- *sid = state->domain_sid;
+ *authority_name = talloc_strdup(mem_ctx,
+ state->domain_name);
+ if (*authority_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *sid = dom_sid_dup(mem_ctx, state->domain_sid);
+ if (*sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
*rtype = SID_NAME_DOMAIN;
*rid = 0xFFFFFFFF;
return NT_STATUS_OK;
}
-
+
/* Perhaps this is a well known user? */
name = talloc_asprintf(mem_ctx, "%s\\%s", NAME_NT_AUTHORITY, username);
if (!name) {
@@ -353,6 +376,9 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
if (!*username) {
*authority_name = NAME_NT_AUTHORITY;
*sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY);
+ if (*sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
*rtype = SID_NAME_DOMAIN;
dom_sid_split_rid(NULL, *sid, NULL, rid);
return NT_STATUS_OK;
@@ -369,10 +395,18 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
*authority_name = NAME_BUILTIN;
domain_dn = state->builtin_dn;
} else if (strcasecmp_m(domain, state->domain_dns) == 0) {
- *authority_name = state->domain_name;
+ *authority_name = talloc_strdup(mem_ctx,
+ state->domain_name);
+ if (*authority_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
domain_dn = state->domain_dn;
} else if (strcasecmp_m(domain, state->domain_name) == 0) {
- *authority_name = state->domain_name;
+ *authority_name = talloc_strdup(mem_ctx,
+ state->domain_name);
+ if (*authority_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
domain_dn = state->domain_dn;
} else {
/* Not local, need to ask winbind in future */
--
Samba Shared Repository
More information about the samba-cvs
mailing list