[SCM] Samba Shared Repository - branch master updated
David Disseldorp
ddiss at samba.org
Mon Apr 13 18:59:04 MDT 2015
The branch, master has been updated
via 2d4db4a s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid.
from 2a6e170 witness: add WITNESS_UNSPECIFIED_VERSION to IDL.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2d4db4a65e1e8924470741378fe249f22196eceb
Author: Jeremy Allison <jra at samba.org>
Date: Tue Mar 31 14:40:23 2015 -0700
s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid.
Bug #11186: Crash seen in libsmbclient due to free of server structure during SMBC_getxattr() call
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11186
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Tue Apr 14 02:58:43 CEST 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/libsmb_xattr.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c
index 8493776..9f7bea8 100644
--- a/source3/libsmb/libsmb_xattr.c
+++ b/source3/libsmb/libsmb_xattr.c
@@ -2073,6 +2073,25 @@ SMBC_getxattr_ctx(SMBCCTX *context,
if (! srv->no_nt_session) {
ipc_srv = SMBC_attr_server(frame, context, server, port, share,
&workgroup, &user, &password);
+ /*
+ * SMBC_attr_server() can cause the original
+ * server to be removed from the cache.
+ * If so we must error out here as the srv
+ * pointer has been freed.
+ */
+ if (smbc_getFunctionGetCachedServer(context)(context,
+ server,
+ share,
+ workgroup,
+ user) != srv) {
+#if defined(ECONNRESET)
+ errno = ECONNRESET;
+#else
+ errno = ETIMEDOUT;
+#endif
+ TALLOC_FREE(frame);
+ return -1;
+ }
if (! ipc_srv) {
srv->no_nt_session = True;
}
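Review bot: The new check in SMBC_getxattr_ctx() decides validity by pointer value alone (`... user) != srv`), so it would pass if the original server were freed and a new cache entry for the same server/share/workgroup/user were allocated at the same address. Either state in the comment why that cannot happen on this path, or have the lookup report removal without relying on the address. Separately, this hunk does not preserve errno across the cache lookup, while the SMBC_removexattr_ctx() hunk adds saved_errno and restores it in the `if (! ipc_srv)` branch; make the two sites consistent or note why getxattr does not need it.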
@@ -2208,9 +2227,31 @@ SMBC_removexattr_ctx(SMBCCTX *context,
}
if (! srv->no_nt_session) {
+ int saved_errno;
ipc_srv = SMBC_attr_server(frame, context, server, port, share,
&workgroup, &user, &password);
+ saved_errno = errno;
+ /*
+ * SMBC_attr_server() can cause the original
+ * server to be removed from the cache.
+ * If so we must error out here as the srv
+ * pointer has been freed.
+ */
+ if (smbc_getFunctionGetCachedServer(context)(context,
+ server,
+ share,
+ workgroup,
+ user) != srv) {
+#if defined(ECONNRESET)
+ errno = ECONNRESET;
+#else
+ errno = ETIMEDOUT;
+#endif
+ TALLOC_FREE(frame);
+ return -1;
+ }
if (! ipc_srv) {
+ errno = saved_errno;
srv->no_nt_session = True;
}
} else {
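Review bot: The stale-srv check added to SMBC_removexattr_ctx() is a line-for-line copy of the block added to SMBC_getxattr_ctx(), including the `#if defined(ECONNRESET)` fallback. Move it into one static helper in libsmb_xattr.c that both functions call, so the two sites cannot drift apart (they already differ in errno handling). A one-line comment at `saved_errno = errno;` saying that the cache lookup may overwrite errno would also explain why the value is restored only in the `if (! ipc_srv)` branch.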
--
Samba Shared Repository