[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Fri May 2 07:40:03 MDT 2014


The branch, v4-0-test has been updated
       via  4386827 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose().
       via  deadf70 lib-util: rename memdup to smb_memdup and fix all callers (bug #10556)
       via  3d6e3ac build: fix ordering problems with lib-provided and internal RPATHs
       via  0953816 Revert "tevent: fix crash bug in tevent_queue_immediate_trigger()"
       via  f0d41fb s3-lib/util: fix logic inside set_namearray loops.
       via  9057b42 s3-lib/util: fix read across end of namelist string
       via  0583bf5 s3-nmbd: reset debug settings after reading config file (bug #10239)
      from  1559d43 VERSION: Bump version number up to 4.0.18...

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 4386827f919cf3679fde99e5f4e63ad81efa68de
Author: Noel Power <nopower at suse.com>
Date:   Thu Feb 27 12:07:11 2014 -0800

    s3: smbd - smb1 - fix read of deleted memory in reply_writeclose().
    
    While running smbtorture test raw.write under valgrind an "Invalid read"
    was reported in method reply_writeclose, it seems after closing a file
    sometime later we try to access it again.
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon Mar  3 20:42:40 CET 2014 on sn-devel-104
    (cherry picked from commit 04e434661fa6b5f13776f925b0a7cbadb6b6d006)
    
    Fix bug #10554 - request backport for 'smb1 - fix read of deleted memory in
    reply_writeclose()'.
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Fri May  2 15:39:19 CEST 2014 on sn-devel-104

commit deadf7095c3ad7f93e8d099052503b0a334b9eec
Author: Björn Baumbach <bb at sernet.de>
Date:   Mon Apr 14 14:37:29 2014 +0200

    lib-util: rename memdup to smb_memdup and fix all callers (bug #10556)
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit fae7e5d771d1c69bded1189b23335647023fa0f7)
    
    Conflicts:
    	ctdb/lib/util/util.h
    
    Also renamed memdup() in source3/locking/brlock.c

commit 3d6e3aceecf8893484f3fba73aef7d55c14d6b4a
Author: Michael Adam <obnox at samba.org>
Date:   Wed Oct 16 15:17:18 2013 +0200

    build: fix ordering problems with lib-provided and internal RPATHs
    
    When a library or system (like cups) provides an RPATH,
    e.g. with -Wl,-R or -Wl,-rpath, this was added by waf
    to the LINKFLAGS, which was later prepended to our RPATH.
    But if the path by chance contains an older version of
    one of our internal libraries like talloc, this would lead
    to linking the too old talloc into our binaries.
    
    This has been observed on, e.g., FreeBSD, but it is a general
    problem.
    
    This patch fixes the problem by specially parsing the RPATH
    linker options from the pkg-config(, cups-config, ....) output
    and putting the paths into the RPATH_<lib> container, which
    is then later correctly appended to our internal RPATH.
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 64f5e24100a764ec198cab9a8d2c43fa86e7027c)
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10548

commit 0953816ae9414ea7d32a64af62f2fecb1868a627
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Apr 29 10:23:03 2014 +0200

    Revert "tevent: fix crash bug in tevent_queue_immediate_trigger()"
    
    This reverts commit fc185a5f4cb34f4a2488eb336844c32812f930e7.
    
    See https://bugzilla.samba.org/show_bug.cgi?id=10344 for details.
    
    Stefan (metze) Metzmacher 2014-04-11 07:28:18 UTC
    
    Karolin, please revert fc185a5f4cb34f4a2488eb336844c32812f930e7 in v4-0-test,
    this somehow went in twice. 87a02403ee4fcc404dc3b887a851c421660cb4d8 is the
    first commit.
    
    It's not a real problem to have the same check twice, but it's a bit confusing
    and may generate problems with future backports.

commit f0d41fbc7295de4e31229704b255ca1db7f761f8
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Apr 8 10:38:33 2014 -0700

    s3-lib/util: fix logic inside set_namearray loops.
    
    Additional fix for bug #10544 - s3-lib/util: set_namearray reads across end of namelist string.
    
    Not strictly needed as the initial fix addresses
    the problem, but corrects the internal logic
    inside the loops.
    
    https://bugzilla.samba.org/show_bug.cgi?id=10544
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit 4f59580331b934b183c3344da57f2002d88d4512)

commit 9057b426d232638dcb1374724023aa95f4e86081
Author: Björn Baumbach <bb at sernet.de>
Date:   Mon Apr 7 13:46:42 2014 +0200

    s3-lib/util: fix read across end of namelist string
    
    If the namelist is not terminated with a '/', we try to read
    the next character after the string termination '\0'.
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Apr  8 21:44:16 CEST 2014 on sn-devel-104
    (cherry picked from commit 8f46b130c5c796d66d26982f5cd99c52f7c8ece1)
    
    Fix bug #10544 - s3-lib/util: set_namearray reads across end of namelist
    string.

commit 0583bf5ca1446bd00943a888a3cf877d8d4c52e8
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Mar 19 15:01:11 2014 +0100

    s3-nmbd: reset debug settings after reading config file (bug #10239)
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Mar 25 18:29:06 CET 2014 on sn-devel-104
    
    (cherry picked from commit a7df00c82049547129f063a40a842b156c8aead4)

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafadmin/Tools/config_c.py |   13 +++++++++++++
 lib/tevent/tevent_queue.c             |    4 ----
 lib/util/samba_util.h                 |    2 +-
 lib/util/util.c                       |    2 +-
 source3/lib/interface.c               |    4 ++--
 source3/lib/smbldap.c                 |    2 +-
 source3/lib/util.c                    |   33 +++++++++++++++++++++------------
 source3/libsmb/clirap.c               |    4 ++--
 source3/locking/brlock.c              |    2 +-
 source3/nmbd/nmbd.c                   |    4 ++++
 source3/passdb/secrets.c              |    2 +-
 source3/smbd/reply.c                  |   24 +++++++++++++-----------
 source3/smbd/seal.c                   |    2 +-
 source3/smbd/sec_ctx.c                |    4 ++--
 source3/winbindd/winbindd_cache.c     |    2 +-
 source4/smbd/process_thread.c         |    4 ++--
 16 files changed, 66 insertions(+), 42 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafadmin/Tools/config_c.py b/buildtools/wafadmin/Tools/config_c.py
index a32d8aa..d0bc617 100644
--- a/buildtools/wafadmin/Tools/config_c.py
+++ b/buildtools/wafadmin/Tools/config_c.py
@@ -73,6 +73,19 @@ def parse_flags(line, uselib, env):
 			app('CCFLAGS_' + uselib, x)
 			app('CXXFLAGS_' + uselib, x)
 			app('LINKFLAGS_' + uselib, x)
+		#
+		# NOTE on special treatment of -Wl,-R and -Wl,-rpath:
+		#
+		# It is important to not put a library provided RPATH
+		# into the LINKFLAGS but in the RPATH instead, since
+		# the provided LINKFLAGS get prepended to our own internal
+		# RPATH later, and hence can potentially lead to linking
+		# in too old versions of our internal libs.
+		#
+		elif x.startswith('-Wl,-R'):
+			app('RPATH_' + uselib, x[6:])
+		elif x.startswith('-Wl,-rpath,'):
+			app('RPATH_' + uselib, x[11:])
 		elif x.startswith('-Wl'):
 			app('LINKFLAGS_' + uselib, x)
 		elif x.startswith('-m') or x.startswith('-f'):
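
Review bot: The two new elif branches only cover the spellings `-Wl,-R<dir>` and `-Wl,-rpath,<dir>`. A flag written as `-Wl,-rpath=<dir>` matches neither prefix, falls through to the generic `-Wl` branch and still ends up in LINKFLAGS, and `-Wl,-R,<dir>` is sliced by `x[6:]` into `,<dir>` with a leading comma. Consider handling those forms as well, and deriving the slice offsets from the prefix length (for example `len('-Wl,-R')`) rather than the literals 6 and 11.
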
diff --git a/lib/tevent/tevent_queue.c b/lib/tevent/tevent_queue.c
index e324680..eeb922f 100644
--- a/lib/tevent/tevent_queue.c
+++ b/lib/tevent/tevent_queue.c
@@ -144,10 +144,6 @@ static void tevent_queue_immediate_trigger(struct tevent_context *ev,
 		return;
 	}
 
-	if (!q->list) {
-		return;
-	}
-
 	q->list->triggered = true;
 	q->list->trigger(q->list->req, q->list->private_data);
 }
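
Review bot: With this guard removed, the next statement `q->list->triggered = true` dereferences q->list directly, and the check that the revert message says remains (from 87a02403ee4fcc404dc3b887a851c421660cb4d8) is not visible in this hunk's context. Please confirm it sits directly above these lines and say so in the commit message, so that a later backport touching only one of the two commits does not drop the NULL check entirely.
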
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 311e99d..c061721 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -725,7 +725,7 @@ char *smb_xstrndup(const char *s, size_t n);
 /**
  Like strdup but for memory.
 **/
-_PUBLIC_ void *memdup(const void *p, size_t size);
+_PUBLIC_ void *smb_memdup(const void *p, size_t size);
 
 /**
  * Write a password to the log file.
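
Review bot: The doc comment above the renamed prototype ("Like strdup but for memory") does not say what is returned for size == 0, which the definition in lib/util/util.c special-cases and which the caller in source3/smbd/seal.c guards against with `response.length > 0`. Since every caller is being touched for the rename anyway, document the zero-size result and how the returned buffer is to be freed here.
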
diff --git a/lib/util/util.c b/lib/util/util.c
index f63720c..697c9bf 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -622,7 +622,7 @@ char *smb_xstrndup(const char *s, size_t n)
  Like strdup but for memory.
 **/
 
-_PUBLIC_ void *memdup(const void *p, size_t size)
+_PUBLIC_ void *smb_memdup(const void *p, size_t size)
 {
 	void *p2;
 	if (size == 0)
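
Review bot: The commit message for this rename gives only the bug number and no reason for changing a `_PUBLIC_` symbol. Add a sentence stating why memdup had to become smb_memdup and whether out-of-tree users of the old name are expected to be affected.
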
diff --git a/source3/lib/interface.c b/source3/lib/interface.c
index 39dc9cb..3edeae5 100644
--- a/source3/lib/interface.c
+++ b/source3/lib/interface.c
@@ -503,10 +503,10 @@ void load_interfaces(void)
 	total_probed = get_interfaces(talloc_tos(), &ifaces);
 
 	if (total_probed > 0) {
-		probed_ifaces = (struct iface_struct *)memdup(ifaces,
+		probed_ifaces = (struct iface_struct *)smb_memdup(ifaces,
 				sizeof(ifaces[0])*total_probed);
 		if (!probed_ifaces) {
-			DEBUG(0,("ERROR: memdup failed\n"));
+			DEBUG(0,("ERROR: smb_memdup failed\n"));
 			exit(1);
 		}
 	}
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 5dd6d8d..7c6b8ee 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -353,7 +353,7 @@ static void smbldap_set_mod_internal(LDAPMod *** modlist, int modop, const char
 		mods[i]->mod_bvalues[j] = SMB_MALLOC_P(struct berval);
 		SMB_ASSERT(mods[i]->mod_bvalues[j] != NULL);
 
-		mods[i]->mod_bvalues[j]->bv_val = (char *)memdup(blob->data, blob->length);
+		mods[i]->mod_bvalues[j]->bv_val = (char *)smb_memdup(blob->data, blob->length);
 		SMB_ASSERT(mods[i]->mod_bvalues[j]->bv_val != NULL);
 		mods[i]->mod_bvalues[j]->bv_len = blob->length;
 
diff --git a/source3/lib/util.c b/source3/lib/util.c
index d543c7f..7095da9 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1060,6 +1060,7 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
 {
 	char *name_end;
 	char *namelist;
+	char *namelist_end;
 	char *nameptr;
 	int num_entries = 0;
 	int i;
@@ -1076,12 +1077,14 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
 	}
 	nameptr = namelist;
 
+	namelist_end = &namelist[strlen(namelist)];
+
 	/* We need to make two passes over the string. The
 		first to count the number of elements, the second
 		to split it.
 	*/
 
-	while(*nameptr) {
+	while(nameptr <= namelist_end) {
 		if ( *nameptr == '/' ) {
 			/* cope with multiple (useless) /s) */
 			nameptr++;
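
Review bot: `while(nameptr <= namelist_end)` still enters the body with nameptr sitting on the terminating '\0', so the loop only ends if a '\0' check follows in the lines not shown between this hunk and the next; `nameptr < namelist_end` would make termination explicit in the condition itself. The copy pass later in the patch uses the same condition. Because that pass overwrites '/' with '\0' in the same buffer, a comment at the `namelist_end = &namelist[strlen(namelist)]` assignment saying it marks the end of the original string and must not be recomputed would also help.
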
@@ -1093,11 +1096,13 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
 
 		/* find the next '/' or consume remaining */
 		name_end = strchr_m(nameptr, '/');
-		if (name_end == NULL)
-			name_end = (char *)nameptr + strlen(nameptr);
-
-		/* next segment please */
-		nameptr = name_end + 1;
+		if (name_end == NULL) {
+			/* Point nameptr at the terminating '\0' */
+			nameptr += strlen(nameptr);
+		} else {
+			/* next segment please */
+			nameptr = name_end + 1;
+		}
 		num_entries++;
 	}
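
Review bot: The new if/else that advances nameptr (`nameptr += strlen(nameptr)` versus `nameptr = name_end + 1`) is repeated verbatim in the copy pass further down. The count pass and the copy pass must tokenise identically or the array is sized wrongly, so move the "advance to next segment" step into one small static helper that both loops call.
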
 
@@ -1115,7 +1120,7 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
 	/* Now copy out the names */
 	nameptr = namelist;
 	i = 0;
-	while(*nameptr) {
+	while(nameptr <= namelist_end) {
 		if ( *nameptr == '/' ) {
 			/* cope with multiple (useless) /s) */
 			nameptr++;
@@ -1127,10 +1132,9 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
 
 		/* find the next '/' or consume remaining */
 		name_end = strchr_m(nameptr, '/');
-		if (name_end)
+		if (name_end != NULL) {
 			*name_end = '\0';
-		else
-			name_end = nameptr + strlen(nameptr);
+		}
 
 		(*ppname_array)[i].is_wild = ms_has_wild(nameptr);
 		if(((*ppname_array)[i].name = SMB_STRDUP(nameptr)) == NULL) {
@@ -1139,8 +1143,13 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
 			return;
 		}
 
-		/* next segment please */
-		nameptr = name_end + 1;
+		if (name_end == NULL) {
+			/* Point nameptr at the terminating '\0' */
+			nameptr += strlen(nameptr);
+		} else {
+			/* next segment please */
+			nameptr = name_end + 1;
+		}
 		i++;
 	}
 
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 7c185ef..40d5f67 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -67,14 +67,14 @@ bool cli_api(struct cli_state *cli,
 	 * talloc
 	 */
 
-	*rparam = (char *)memdup(my_rparam, num_my_rparam);
+	*rparam = (char *)smb_memdup(my_rparam, num_my_rparam);
 	if (*rparam == NULL) {
 		goto fail;
 	}
 	*rprcnt = num_my_rparam;
 	TALLOC_FREE(my_rparam);
 
-	*rdata = (char *)memdup(my_rdata, num_my_rdata);
+	*rdata = (char *)smb_memdup(my_rdata, num_my_rdata);
 	if (*rdata == NULL) {
 		goto fail;
 	}
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 43abb98..de665c8 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -1774,7 +1774,7 @@ static int brl_traverse_fn(struct db_record *rec, void *state)
 	/* In a traverse function we must make a copy of
 	   dbuf before modifying it. */
 
-	locks = (struct lock_struct *)memdup(value.dptr, value.dsize);
+	locks = (struct lock_struct *)smb_memdup(value.dptr, value.dsize);
 	if (!locks) {
 		return -1; /* Terminate traversal. */
 	}
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 196b582..4d3e039 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -414,6 +414,8 @@ static bool reload_nmbd_services(bool test)
 		reload_nmbd_services( True );
 	}
 
+	reopen_logs();
+
 	return(ret);
 }
 
@@ -900,6 +902,8 @@ static bool open_sockets(bool isdaemon, int port)
 		exit(1);
 	}
 
+	reopen_logs();
+
 	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
 	    && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
 		/* TODO: when we have a merged set of defaults for
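
Review bot: The added `reopen_logs()` call in open_sockets(), like the one added at the end of reload_nmbd_services() in the previous hunk, has no comment, and nothing at either call site says why logs need reopening there. Add a one-line comment at both places tying the call to the purpose given in the commit subject (resetting debug settings after the config file has been read), so it is not removed later as redundant.
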
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 8f314a7..eb59adb 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -144,7 +144,7 @@ void *secrets_fetch(const char *key, size_t *size)
 		return NULL;
 	}
 
-	result = memdup(dbuf.dptr, dbuf.dsize);
+	result = smb_memdup(dbuf.dptr, dbuf.dsize);
 	if (result == NULL) {
 		return NULL;
 	}
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index adf4b6f..902b43f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -5193,7 +5193,7 @@ void reply_writeclose(struct smb_request *req)
 	mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
 	data = (const char *)req->buf + 1;
 
-	if (!fsp->print_file) {
+	if (fsp->print_file == NULL) {
 		init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
 		    (uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
 		    &lock);
@@ -5207,6 +5207,10 @@ void reply_writeclose(struct smb_request *req)
 
 	nwritten = write_file(req,fsp,data,startpos,numtowrite);
 
+	if (fsp->print_file == NULL) {
+		SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
+	}
+
 	set_close_write_time(fsp, mtime);
 
 	/*
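
Review bot: The relocated unlock tests only `fsp->print_file == NULL`, while the removed strict_unlock block tested `numtowrite && !fsp->print_file`. That now matches the `fsp->print_file == NULL` condition around init_strict_lock_struct() in the first hunk, but it also means a zero-length write reaches SMB_VFS_STRICT_UNLOCK where it did not before. Mention this behaviour change in the commit message, which currently describes only the read of freed memory.
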
@@ -5214,34 +5218,32 @@ void reply_writeclose(struct smb_request *req)
 	 * JRA.
 	 */
 
+	DEBUG(3,("writeclose %s num=%d wrote=%d (numopen=%d)\n",
+		fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten,
+		(numtowrite) ? conn->num_files_open - 1 : conn->num_files_open));
+
 	if (numtowrite) {
 		DEBUG(3,("reply_writeclose: zero length write doesn't close "
 			 "file %s\n", fsp_str_dbg(fsp)));
 		close_status = close_file(req, fsp, NORMAL_CLOSE);
+		fsp = NULL;
 	}
 
-	DEBUG(3,("writeclose %s num=%d wrote=%d (numopen=%d)\n",
-		 fsp_fnum_dbg(fsp), (int)numtowrite, (int)nwritten,
-		 conn->num_files_open));
-
 	if(((nwritten == 0) && (numtowrite != 0))||(nwritten < 0)) {
 		reply_nterror(req, NT_STATUS_DISK_FULL);
-		goto strict_unlock;
+		goto out;
 	}
 
 	if(!NT_STATUS_IS_OK(close_status)) {
 		reply_nterror(req, close_status);
-		goto strict_unlock;
+		goto out;
 	}
 
 	reply_outbuf(req, 1, 0);
 
 	SSVAL(req->outbuf,smb_vwv0,nwritten);
 
-strict_unlock:
-	if (numtowrite && !fsp->print_file) {
-		SMB_VFS_STRICT_UNLOCK(conn, fsp, &lock);
-	}
+out:
 
 	END_PROFILE(SMBwriteclose);
 	return;
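
Review bot: The DEBUG text inside `if (numtowrite)` still reads "zero length write doesn't close file" although that branch runs for a non-zero write and does call close_file(); correct the message while this block is being changed. The moved writeclose DEBUG now prints `conn->num_files_open - 1` before close_file() has run, so it logs an anticipated count rather than the real one; a short comment that the message was moved ahead of the close because fsp is no longer valid afterwards would explain the arithmetic.
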
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index cdcfe06..7122bf2 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -245,7 +245,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn,
 
 	/* Return the raw blob. */
 	SAFE_FREE(*ppdata);
-	*ppdata = (unsigned char *)memdup(response.data, response.length);
+	*ppdata = (unsigned char *)smb_memdup(response.data, response.length);
 	if ((*ppdata) == NULL && response.length > 0)
 		return NT_STATUS_NO_MEMORY;
 	*p_data_size = response.length;
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index d474219..c34247e 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -331,8 +331,8 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct
 	TALLOC_FREE(ctx_p->token);
 
 	if (ngroups) {
-		ctx_p->ut.groups = (gid_t *)memdup(groups,
-						   sizeof(gid_t) * ngroups);
+		ctx_p->ut.groups = (gid_t *)smb_memdup(groups,
+						       sizeof(gid_t) * ngroups);
 		if (!ctx_p->ut.groups) {
 			smb_panic("memdup failed");
 		}
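
Review bot: The panic string on the failure path still says `smb_panic("memdup failed")` although the call above it is now smb_memdup. The equivalent DEBUG message in source3/lib/interface.c was updated to "smb_memdup failed" in this same patch, so update this one too for consistent log searching.
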
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 34319df..860526b 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3556,7 +3556,7 @@ static struct cache_entry *create_centry_validate(const char *kstr, TDB_DATA dat
 	struct cache_entry *centry;
 
 	centry = SMB_XMALLOC_P(struct cache_entry);
-	centry->data = (unsigned char *)memdup(data.dptr, data.dsize);
+	centry->data = (unsigned char *)smb_memdup(data.dptr, data.dsize);
 	if (!centry->data) {
 		SAFE_FREE(centry);
 		return NULL;
diff --git a/source4/smbd/process_thread.c b/source4/smbd/process_thread.c
index 764c1f3..ad264c9 100644
--- a/source4/smbd/process_thread.c
+++ b/source4/smbd/process_thread.c
@@ -218,7 +218,7 @@ static void thread_set_title(struct tevent_context *ev, const char *title)
 static int thread_mutex_init(smb_mutex_t *mutex, const char *name)
 {
 	pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
-	mutex->mutex = memdup(&m, sizeof(m));
+	mutex->mutex = smb_memdup(&m, sizeof(m));
 	if (! mutex->mutex) {
 		errno = ENOMEM;
 		return -1;
@@ -294,7 +294,7 @@ static int thread_mutex_unlock(smb_mutex_t *mutex, const char *name)
 static int thread_rwlock_init(smb_rwlock_t *rwlock, const char *name)
 {
 	pthread_rwlock_t m = PTHREAD_RWLOCK_INITIALIZER;
-	rwlock->rwlock = memdup(&m, sizeof(m));
+	rwlock->rwlock = smb_memdup(&m, sizeof(m));
 	if (! rwlock->rwlock) {
 		errno = ENOMEM;
 		return -1;


-- 
Samba Shared Repository

