[SCM] Samba Shared Repository - branch v4-2-test updated

Karolin Seeger kseeger at samba.org
Fri Nov 20 13:19:04 UTC 2015


The branch, v4-2-test has been updated
       via  6033569 fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst
       via  1eb6f36 fix 'Invalid read of size 1' in reply_search
       via  9e8475e fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext
       via  579c13de fix uninitialised read in process_host_announce
       via  6a7f87b remove many valgrind errors for base.lock test
       via  7cbca2f nss_wins: Use lp_global_no_reinit()
      from  92cc4e0 s3: winbind: Prevent null ptr access by returning error if no creds available

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test


- Log -----------------------------------------------------------------
commit 6033569bc45e645ba52c6f7b3ed15093db239629
Author: Noel Power <noel.power at suse.com>
Date:   Wed Oct 28 15:42:06 2015 +0000

    fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 9b2aba1b7aa7386dfc64bcefafa83374b6525354)
    
    The last 5 patches address
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11597
    backport some valgrind fixes from upstream master to 4.2 / 4.3
    
    Autobuild-User(v4-2-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-2-test): Fri Nov 20 14:18:32 CET 2015 on sn-devel-104

commit 1eb6f3617b63fcabebfba1659f00431f79c2b4ab
Author: Noel Power <noel.power at suse.com>
Date:   Wed Oct 28 17:08:28 2015 +0000

    fix 'Invalid read of size 1' in reply_search
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)

commit 9e8475e4e366aca2d3b09341876a1f95bc711224
Author: Noel Power <noel.power at suse.com>
Date:   Wed Oct 28 19:53:49 2015 +0000

    fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 17482d52160acc869af9f7a2029d5b595d33a12d)

commit 579c13dee811f9b4a53ae1ff835b8be8e1979d7c
Author: Noel Power <noel.power at suse.com>
Date:   Wed Oct 28 21:17:42 2015 +0000

    fix uninitialised read in process_host_announce
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 7ade51901381507beaeac92e9b0d2f0d424123a9)

commit 6a7f87b98d58040c39c4096bcc03096c135c9361
Author: Noel Power <noel.power at suse.com>
Date:   Thu Oct 29 11:11:00 2015 +0000

    remove many valgrind errors for base.lock test
    
    mostly "Conditional jump or move depends on uninitialised value" &
    "Use of uninitialised value of size 8" errors, suspect this is
    related to compiler padding for the struct
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Nov  6 00:16:53 CET 2015 on sn-devel-104
    
    (cherry picked from commit ce8068e70b11a3ce5634c56f43a035713c5ea2ed)

commit 7cbca2fbbe41e2e76d60d2523dc6cd0514f3765b
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Oct 23 15:28:23 2015 +0200

    nss_wins: Use lp_global_no_reinit()
    
    This avoids use-after-free issues when we access memory allocated on
    the globals while the globals are being reinitialized.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    (cherry picked from commit 0abbfb2e4d5bcd847983ef7981840f1eab7b917c)

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/wins.c                    |  2 +-
 source3/locking/brlock.c           |  2 ++
 source3/nmbd/nmbd_incomingdgrams.c |  2 ++
 source3/smbd/reply.c               |  9 +++++----
 source3/smbd/trans2.c              | 11 ++++++++++-
 5 files changed, 20 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/wins.c b/nsswitch/wins.c
index d63968b..6b5c3e2 100644
--- a/nsswitch/wins.c
+++ b/nsswitch/wins.c
@@ -53,7 +53,7 @@ static void nss_wins_init(void)
 
 	TimeInit();
 	setup_logging("nss_wins",False);
-	lp_load(get_dyn_CONFIGFILE(),True,False,False,True);
+	lp_load_global_no_reinit(get_dyn_CONFIGFILE());
 	load_interfaces();
 }
 
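Review bot: The result of `lp_load_global_no_reinit(get_dyn_CONFIGFILE())` is discarded, so `load_interfaces()` runs even if the configuration could not be loaded; nss_wins_init() returns void, so logging the failure is the least that would make that state visible. The call also deserves a one-line why-comment, for example `/* no reinit: memory allocated on the globals may still be in use */`, because the use-after-free reason for avoiding lp_load() is recorded only in the commit message.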
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 1a468d0..30f4cee 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -1006,6 +1006,8 @@ NTSTATUS brl_lock(struct messaging_context *msg_ctx,
 	NTSTATUS ret;
 	struct lock_struct lock;
 
+	ZERO_STRUCT(lock);
+
 #if !ZERO_ZERO
 	if (start == 0 && size == 0) {
 		DEBUG(0,("client sent 0/0 lock - please report this\n"));
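Review bot: `ZERO_STRUCT(lock);` is added without a comment, and the commit message only suspects struct padding as the cause, so a later reader cannot tell whether the call is load-bearing. If `lock` is copied or compared as raw bytes further down (brl_lock continues past this hunk, so this is not visible here), uninitialised padding would carry stack contents with it; a comment such as `/* zero padding too: the struct may be copied or compared bytewise */` would record that. The zeroing only holds while the fields are assigned one by one, since a whole-struct assignment later could leave the padding indeterminate again.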
diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c
index 2dc684e..5a99fef 100644
--- a/source3/nmbd/nmbd_incomingdgrams.c
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -106,6 +106,8 @@ void process_host_announce(struct subnet_record *subrec, struct packet_struct *p
 	struct server_record *servrec;
 	unstring work_name;
 	unstring source_name;
+	ZERO_STRUCT(source_name);
+	ZERO_STRUCT(announce_name);
 
 	START_PROFILE(host_announce);
 
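Review bot: `work_name`, declared two lines above with the same `unstring` type as `source_name`, stays uninitialised while `source_name` and `announce_name` are now zeroed. If `work_name` can be read on a path where parsing of the received packet did not fill it (the body is outside this hunk), the same uninitialised read remains; either add `ZERO_STRUCT(work_name);` or a comment saying why it is always written first. Zeroing may also only hide the symptom if the underlying cause is a name copied from the packet without a terminator, so the copy sites are worth checking.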
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 05ebe21..0f96b0d 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1587,7 +1587,7 @@ void reply_search(struct smb_request *req)
 {
 	connection_struct *conn = req->conn;
 	char *path = NULL;
-	const char *mask = NULL;
+	char *mask = NULL;
 	char *directory = NULL;
 	struct smb_filename *smb_fname = NULL;
 	char *fname = NULL;
@@ -1668,11 +1668,11 @@ void reply_search(struct smb_request *req)
 
 		p = strrchr_m(directory,'/');
 		if ((p != NULL) && (*directory != '/')) {
-			mask = p + 1;
+			mask = talloc_strdup(ctx, p + 1);
 			directory = talloc_strndup(ctx, directory,
 						   PTR_DIFF(p, directory));
 		} else {
-			mask = directory;
+			mask = talloc_strdup(ctx, directory);
 			directory = talloc_strdup(ctx,".");
 		}
 
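Review bot: Neither `talloc_strdup(ctx, p + 1)` nor `talloc_strdup(ctx, directory)` is checked for NULL in this hunk, so on allocation failure `mask` continues as NULL where it previously always pointed at a valid string. A check such as `if (mask == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); goto out; }` after the if/else would cover both branches. The later hunk at `mask = talloc_strdup(ctx, dptr_wcard(sconn, dptr_num));` has a related problem: its existing `if (!mask)` now also catches allocation failure and routes it to `SearchEmpty` instead of reporting out-of-memory. The code after the if/else is outside the hunk, so an existing check there cannot be ruled out.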
@@ -1721,7 +1721,7 @@ void reply_search(struct smb_request *req)
 			goto out;
 		}
 
-		mask = dptr_wcard(sconn, dptr_num);
+		mask = talloc_strdup(ctx, dptr_wcard(sconn, dptr_num));
 		if (!mask) {
 			goto SearchEmpty;
 		}
@@ -1860,6 +1860,7 @@ void reply_search(struct smb_request *req)
 		maxentries ));
  out:
 	TALLOC_FREE(directory);
+	TALLOC_FREE(mask);
 	TALLOC_FREE(smb_fname);
 	END_PROFILE(SMBsearch);
 	return;
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index a937023..41e1bb1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2641,7 +2641,11 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 	}
 	pdata = *ppdata;
 	data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
-
+	/*
+	 * squash valgrind "writev(vector[...]) points to uninitialised byte(s)"
+	 * error.
+	 */
+	memset(pdata + total_data, 0, ((max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) - total_data));
 	/* Realloc the params space */
 	*pparams = (char *)SMB_REALLOC(*pparams, 10);
 	if (*pparams == NULL) {
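Review bot: The memset length `(max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) - total_data` is computed without checking that `total_data` is the smaller value; if a request can make `total_data` exceed the buffer size, the subtraction wraps when converted to size_t and memset() writes far past the end of `pdata`. A guard such as `if (total_data < max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) { memset(...); }` removes that dependency, though the variable types and the allocation size of `*ppdata` are outside the hunk and should be confirmed. The comment should also say what the zeroing protects rather than which tool complained: the writev warning means uninitialised heap bytes were going out in the reply. The same applies to the identical memset in the second hunk of this file, presumably call_trans2findnext going by the commit log.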
@@ -2988,6 +2992,11 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 	pdata = *ppdata;
 	data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
 
+	/*
+	 * squash valgrind "writev(vector[...]) points to uninitialised byte(s)"
+	 * error.
+	 */
+	memset(pdata + total_data, 0, (max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) - total_data);
 	/* Realloc the params space */
 	*pparams = (char *)SMB_REALLOC(*pparams, 6*SIZEOFWORD);
 	if(*pparams == NULL ) {


-- 
Samba Shared Repository


