[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed May 7 20:25:04 MDT 2014 

The branch, master has been updated
       via  06c25eb wbclient: ensure response struct is initialized
      from  a5b96ee s3-krb5: Limit search for old kvno to 8bits

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 06c25eb25e389652a9cd87f08729f30e4df6b25b
Author: Alexander Bokovoy <ab at samba.org>
Date:   Wed May 7 11:00:46 2014 +0300

    wbclient: ensure response struct is initialized
    
    Prior to asking for a winbindd private pipe we need to initialize
    response structure to deal with a possible response failure.
    
    winbind_open_pipe_sock() issues two winbindd requests:
     - asks for interface version
     - asks for a private pipe
    
    The first call returns interface version in a response structure (which
    is a union). The second call might fail -- in this case response
    structure will not be initialized or filled in with any information.
    
    As result, if the second call failed, response structure will have data
    from an interface string interpreted as a pointer to a string during
    SAFE_FREE() at the end of the winbind_open_pipe_sock().
    
    To avoid that, ensure response struct is initialized before asking for
    a private pipe.
    
    https://bugzilla.samba.org/show_bug.cgi?id=10596
    
    Signed-off-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu May  8 04:24:53 CEST 2014 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/wb_common.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index f4a31a9..b34ab33 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -374,6 +374,13 @@ static int winbind_open_pipe_sock(int recursing, int need_priv)
 	/* try and get priv pipe */
 
 	request.wb_flags = WBFLAG_RECURSE;
+
+	/* Note that response needs to be initialized to avoid
+	 * crashing on clean up after WINBINDD_PRIV_PIPE_DIR call failed
+	 * as interface version (from the first request) returned as a fstring,
+	 * thus response.extra_data.data will not be NULL even though
+	 * winbindd response did not write over it due to a failure */
+	ZERO_STRUCT(response);
 	if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
 		int fd;
 		if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {


-- 
Samba Shared Repository

More information about the samba-cvs mailing list