[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Apr 14 11:25:04 UTC 2016
The branch, master has been updated
via 43ea097 s3:libsmb: Fix illegal memory access after memory has been deleted.
from 2ec4e16 s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 43ea0974613d91548093999015d0f142aa07aeb3
Author: Noel Power <noel.power at suse.com>
Date: Wed Apr 13 17:57:31 2016 +0100
s3:libsmb: Fix illegal memory access after memory has been deleted.
smbtorture with the libsmbclient test suite produces the following valgrind
trace
==31432== Invalid read of size 8
==31432== at 0x99B8858: smbc_free_context (libsmb_context.c:260)
==31432== by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432== by 0x9553F42: wrap_simple_test (torture.c:632)
==31432== by 0x955366F: internal_torture_run_test (torture.c:442)
==31432== by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432== by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432== by 0x95531D7: torture_run_suite (torture.c:339)
==31432== by 0x25FEFF: run_matching (smbtorture.c:93)
==31432== by 0x260195: torture_run_named_tests (smbtorture.c:143)
==31432== by 0x261E14: main (smbtorture.c:665)
==31432== Address 0x18864a70 is 80 bytes inside a block of size 96 free'd
==31432== at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31432== by 0x99BCC46: SMBC_closedir_ctx (libsmb_dir.c:922)
==31432== by 0x99C06CA: SMBC_close_ctx (libsmb_file.c:370)
==31432== by 0x99B8853: smbc_free_context (libsmb_context.c:259)
==31432== by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432== by 0x9553F42: wrap_simple_test (torture.c:632)
==31432== by 0x955366F: internal_torture_run_test (torture.c:442)
==31432== by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432== by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432== by 0x95531D7: torture_run_suite (torture.c:339)
==31432== by 0x25FEFF: run_matching (smbtorture.c:93)
==31432== by 0x260195: torture_run_named_tests (smbtorture.c:143)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11836
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Apr 14 13:24:10 CEST 2016 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/libsmb_context.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index 5e31dfb..a956058 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -256,8 +256,9 @@ smbc_free_context(SMBCCTX *context,
f = context->internal->files;
while (f) {
+ SMBCFILE *next = f->next;
smbc_getFunctionClose(context)(context, f);
- f = f->next;
+ f = next;
}
context->internal->files = NULL;
--
Samba Shared Repository
More information about the samba-cvs
mailing list