[SCM] Samba Shared Repository - branch v4-2-test updated

Mon Feb 23 15:08:08 MST 2015

The branch, v4-2-test has been updated
       via  3bd8850 s3-netlogon: Make sure we do not deference a NULL pointer.
       via  9988930 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
      from  bba7796 s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test


- Log -----------------------------------------------------------------
commit 3bd8850360931145d6015d69b14089c99b370780
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Feb 16 10:59:23 2015 +0100

    s3-netlogon: Make sure we do not deference a NULL pointer.
    
    This is an additional patch for CVE-2015-0240.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
    
    Pair-Programmed-With: Michael Adam <obnox at samba.org>
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    Signed-off-by: Michael Adam <obnox at samba.org>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(v4-2-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-2-test): Mon Feb 23 23:07:35 CET 2015 on sn-devel-104

commit 9988930c3524bc0d4a641b04716b3e6389c696fa
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jan 28 14:47:31 2015 -0800

    CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fdcc847..b487c31 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1100,6 +1100,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
 	bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
 	struct loadparm_context *lp_ctx;
 
+	if (creds_out != NULL) {
+		*creds_out = NULL;
+	}
+
 	if (schannel_global_required) {
 		status = schannel_check_required(&p->auth,
 						 computer_name,
@@ -1257,7 +1261,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
 {
 	NTSTATUS status = NT_STATUS_OK;
 	int i;
-	struct netlogon_creds_CredentialState *creds;
+	struct netlogon_creds_CredentialState *creds = NULL;
 
 	DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
 
@@ -1270,9 +1274,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(status)) {
+		const char *computer_name = "<unknown>";
+
+		if (creds != NULL && creds->computer_name != NULL) {
+			computer_name = creds->computer_name;
+		}
 		DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
-			r->in.computer_name, creds->computer_name));
+			r->in.computer_name, computer_name));
 		TALLOC_FREE(creds);
 		return status;
 	}


-- 
Samba Shared Repository
