[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Tue Jun 7 16:32:03 UTC 2016
The branch, master has been updated
via 08a7866 libsmb: Fix two CIDs for NULL dereference
via f5e95af rpc_server: Fix CID 1362565 Improper use of negative value
via 6279773 lib: Fix CID 1362566 Dereference null return value
via 6d26d72 lib: Add accept_send/recv
via dd27469 lib: Move poll_funcs to lib/
via 2db6eb8 lib/util: Expose few more subsystems for standalone ctdb build
via 6dcf81a lib: Move msghdr to lib/util/
via 768f356 lib/poll_funcs: Build as SAMBA_SUBSYSTEM
from 1a87c9b repl: Avoid use-after-free when working with the working_schema
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 08a78662e9406fbc23db059f30b4e55392ee7332
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 7 10:07:21 2016 +0200
libsmb: Fix two CIDs for NULL dereference
This whole area is a known-to-be-broken mess, but this patch should fix
the immediate crash
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jun 7 18:31:30 CEST 2016 on sn-devel-144
commit f5e95af59b76f3aa0d428fbf2f5cc5e65f6cd409
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 7 10:01:32 2016 +0200
rpc_server: Fix CID 1362565 Improper use of negative value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 6279773fed4c31bc5fb93979756125b184070443
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 7 09:58:24 2016 +0200
lib: Fix CID 1362566 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 6d26d7253e2b7376c4a8a0b333051fe82b204135
Author: Volker Lendecke <vl at samba.org>
Date: Sun Nov 30 16:10:32 2014 +0100
lib: Add accept_send/recv
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dd2746912369237990030fa966732f3ffd977b93
Author: Volker Lendecke <vl at samba.org>
Date: Sat May 14 10:07:24 2016 +0200
lib: Move poll_funcs to lib/
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 2db6eb87b40d27623be7328aefec1799a48306ea
Author: Amitay Isaacs <amitay at gmail.com>
Date: Sun May 15 21:44:22 2016 +1000
lib/util: Expose few more subsystems for standalone ctdb build
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 6dcf81a202fbb724d07cc95111d2cb0c82486128
Author: Volker Lendecke <vl at samba.org>
Date: Sat May 14 09:45:49 2016 +0200
lib: Move msghdr to lib/util/
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 768f356f9957352581b1c04c4f110dcdf05e4197
Author: Amitay Isaacs <amitay at gmail.com>
Date: Sun May 15 21:43:57 2016 +1000
lib/poll_funcs: Build as SAMBA_SUBSYSTEM
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/async_req/async_sock.c | 83 ++++++++++++++++++++++
lib/async_req/async_sock.h | 5 ++
{source3/lib => lib}/poll_funcs/poll_funcs.h | 0
.../lib => lib}/poll_funcs/poll_funcs_tevent.c | 0
.../lib => lib}/poll_funcs/poll_funcs_tevent.h | 0
lib/poll_funcs/wscript_build | 5 ++
{source3/lib => lib/util}/msghdr.c | 2 +-
{source3/lib => lib/util}/msghdr.h | 0
lib/util/wscript_build | 28 +++++---
source3/lib/messages.c | 8 ++-
source3/lib/poll_funcs/wscript_build | 5 --
source3/lib/unix_msg/unix_msg.c | 2 +-
source3/libsmb/libsmb_server.c | 18 +++--
source3/modules/vfs_aio_fork.c | 2 +-
source3/wscript_build | 6 --
source4/rpc_server/dcerpc_server.c | 10 ++-
wscript_build | 1 +
17 files changed, 142 insertions(+), 33 deletions(-)
rename {source3/lib => lib}/poll_funcs/poll_funcs.h (100%)
rename {source3/lib => lib}/poll_funcs/poll_funcs_tevent.c (100%)
rename {source3/lib => lib}/poll_funcs/poll_funcs_tevent.h (100%)
create mode 100644 lib/poll_funcs/wscript_build
rename {source3/lib => lib/util}/msghdr.c (99%)
rename {source3/lib => lib/util}/msghdr.h (100%)
delete mode 100644 source3/lib/poll_funcs/wscript_build
Changeset truncated at 500 lines:
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index c0ad8f3..9ccec9e 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -635,3 +635,86 @@ bool wait_for_read_recv(struct tevent_req *req, int *perr)
return true;
}
+
+struct accept_state {
+ struct tevent_fd *fde;
+ int listen_sock;
+ socklen_t addrlen;
+ struct sockaddr_storage addr;
+ int sock;
+};
+
+static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
+ uint16_t flags, void *private_data);
+
+struct tevent_req *accept_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ int listen_sock)
+{
+ struct tevent_req *req;
+ struct accept_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct accept_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->listen_sock = listen_sock;
+
+ state->fde = tevent_add_fd(ev, state, listen_sock, TEVENT_FD_READ,
+ accept_handler, req);
+ if (tevent_req_nomem(state->fde, req)) {
+ return tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
+ uint16_t flags, void *private_data)
+{
+ struct tevent_req *req = talloc_get_type_abort(
+ private_data, struct tevent_req);
+ struct accept_state *state = tevent_req_data(req, struct accept_state);
+ int ret;
+
+ TALLOC_FREE(state->fde);
+
+ if ((flags & TEVENT_FD_READ) == 0) {
+ tevent_req_error(req, EIO);
+ return;
+ }
+ state->addrlen = sizeof(state->addr);
+
+ ret = accept(state->listen_sock, (struct sockaddr *)&state->addr,
+ &state->addrlen);
+ if ((ret == -1) && (errno == EINTR)) {
+ /* retry */
+ return;
+ }
+ if (ret == -1) {
+ tevent_req_error(req, errno);
+ return;
+ }
+ state->sock = ret;
+ tevent_req_done(req);
+}
+
+int accept_recv(struct tevent_req *req, struct sockaddr_storage *paddr,
+ socklen_t *paddrlen, int *perr)
+{
+ struct accept_state *state = tevent_req_data(req, struct accept_state);
+ int err;
+
+ if (tevent_req_is_unix_error(req, &err)) {
+ if (perr != NULL) {
+ *perr = err;
+ }
+ return -1;
+ }
+ if (paddr != NULL) {
+ memcpy(paddr, &state->addr, state->addrlen);
+ }
+ if (paddrlen != NULL) {
+ *paddrlen = state->addrlen;
+ }
+ return state->sock;
+}
diff --git a/lib/async_req/async_sock.h b/lib/async_req/async_sock.h
index abbf822..9cc052e 100644
--- a/lib/async_req/async_sock.h
+++ b/lib/async_req/async_sock.h
@@ -57,4 +57,9 @@ struct tevent_req *wait_for_read_send(TALLOC_CTX *mem_ctx,
bool check_errors);
bool wait_for_read_recv(struct tevent_req *req, int *perr);
+struct tevent_req *accept_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ int listen_sock);
+int accept_recv(struct tevent_req *req, struct sockaddr_storage *paddr,
+ socklen_t *paddrlen, int *perr);
+
#endif
diff --git a/source3/lib/poll_funcs/poll_funcs.h b/lib/poll_funcs/poll_funcs.h
similarity index 100%
rename from source3/lib/poll_funcs/poll_funcs.h
rename to lib/poll_funcs/poll_funcs.h
diff --git a/source3/lib/poll_funcs/poll_funcs_tevent.c b/lib/poll_funcs/poll_funcs_tevent.c
similarity index 100%
rename from source3/lib/poll_funcs/poll_funcs_tevent.c
rename to lib/poll_funcs/poll_funcs_tevent.c
diff --git a/source3/lib/poll_funcs/poll_funcs_tevent.h b/lib/poll_funcs/poll_funcs_tevent.h
similarity index 100%
rename from source3/lib/poll_funcs/poll_funcs_tevent.h
rename to lib/poll_funcs/poll_funcs_tevent.h
diff --git a/lib/poll_funcs/wscript_build b/lib/poll_funcs/wscript_build
new file mode 100644
index 0000000..df9a298
--- /dev/null
+++ b/lib/poll_funcs/wscript_build
@@ -0,0 +1,5 @@
+#!/usr/bin/env python
+
+bld.SAMBA_SUBSYSTEM('POLL_FUNCS_TEVENT',
+ source='poll_funcs_tevent.c',
+ deps='tevent')
diff --git a/source3/lib/msghdr.c b/lib/util/msghdr.c
similarity index 99%
rename from source3/lib/msghdr.c
rename to lib/util/msghdr.c
index 2aa2f2e..1aeadfc 100644
--- a/source3/lib/msghdr.c
+++ b/lib/util/msghdr.c
@@ -17,7 +17,7 @@
*/
#include "replace.h"
-#include "lib/msghdr.h"
+#include "lib/util/msghdr.h"
#include "lib/util/iov_buf.h"
#include <sys/socket.h>
diff --git a/source3/lib/msghdr.h b/lib/util/msghdr.h
similarity index 100%
rename from source3/lib/msghdr.h
rename to lib/util/msghdr.h
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 713946d..6d2ab4a 100755
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -70,6 +70,23 @@ bld.SAMBA_SUBSYSTEM('samba-util-core',
tevent execinfo pthread strv''',
local_include=False)
+bld.SAMBA_LIBRARY('iov_buf',
+ source='iov_buf.c',
+ local_include=False,
+ private_library=True)
+
+bld.SAMBA_LIBRARY('msghdr',
+ source='msghdr.c',
+ deps='replace iov_buf',
+ local_include=False,
+ private_library=True)
+
+bld.SAMBA_LIBRARY('sys_rw',
+ source='sys_rw.c sys_rw_data.c',
+ deps='replace iov_buf',
+ local_include=False,
+ private_library=True)
+
if bld.env.SAMBA_UTIL_CORE_ONLY:
bld.SAMBA_LIBRARY('tevent-util',
@@ -182,14 +199,3 @@ else:
deps='talloc tdb strv util_tdb tdb-wrap samba-util',
local_include=False,
private_library=True)
-
- bld.SAMBA_LIBRARY('iov_buf',
- source='iov_buf.c',
- local_include=False,
- private_library=True)
-
- bld.SAMBA3_LIBRARY('sys_rw',
- source='sys_rw.c sys_rw_data.c',
- deps='replace iov_buf',
- local_include=False,
- private_library=True)
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index ef8e83d..65e975e 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -393,6 +393,7 @@ struct server_id messaging_server_id(const struct messaging_context *msg_ctx)
NTSTATUS messaging_reinit(struct messaging_context *msg_ctx)
{
int ret;
+ char *lck_path;
TALLOC_FREE(msg_ctx->msg_dgm_ref);
@@ -400,9 +401,14 @@ NTSTATUS messaging_reinit(struct messaging_context *msg_ctx)
.pid = getpid(), .vnn = msg_ctx->id.vnn
};
+ lck_path = lock_path("msg.lock");
+ if (lck_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
msg_ctx->msg_dgm_ref = messaging_dgm_ref(
msg_ctx, msg_ctx->event_ctx, &msg_ctx->id.unique_id,
- private_path("msg.sock"), lock_path("msg.lock"),
+ private_path("msg.sock"), lck_path,
messaging_recv_cb, msg_ctx, &ret);
if (msg_ctx->msg_dgm_ref == NULL) {
diff --git a/source3/lib/poll_funcs/wscript_build b/source3/lib/poll_funcs/wscript_build
deleted file mode 100644
index ab24814..0000000
--- a/source3/lib/poll_funcs/wscript_build
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env python
-
-bld.SAMBA3_SUBSYSTEM('POLL_FUNCS_TEVENT',
- source='poll_funcs_tevent.c',
- deps='tevent')
diff --git a/source3/lib/unix_msg/unix_msg.c b/source3/lib/unix_msg/unix_msg.c
index bcfef28..aed1f75 100644
--- a/source3/lib/unix_msg/unix_msg.c
+++ b/source3/lib/unix_msg/unix_msg.c
@@ -24,7 +24,7 @@
#include "lib/util/dlinklist.h"
#include "pthreadpool/pthreadpool.h"
#include "lib/util/iov_buf.h"
-#include "lib/msghdr.h"
+#include "lib/util/msghdr.h"
#include <fcntl.h>
/*
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 06c0211..eb4d5d2 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -121,14 +121,20 @@ SMBC_call_auth_fn(TALLOC_CTX *ctx,
char **pp_username,
char **pp_password)
{
- fstring workgroup;
- fstring username;
- fstring password;
+ fstring workgroup = { 0 };
+ fstring username = { 0 };
+ fstring password = { 0 };
smbc_get_auth_data_with_context_fn auth_with_context_fn;
- strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
- strlcpy(username, *pp_username, sizeof(username));
- strlcpy(password, *pp_password, sizeof(password));
+ if (*pp_workgroup != NULL) {
+ strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
+ }
+ if (*pp_username != NULL) {
+ strlcpy(username, *pp_username, sizeof(username));
+ }
+ if (*pp_password != NULL) {
+ strlcpy(password, *pp_password, sizeof(password));
+ }
/* See if there's an authentication with context function provided */
auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
index 7d06b98..e9ba4a3 100644
--- a/source3/modules/vfs_aio_fork.c
+++ b/source3/modules/vfs_aio_fork.c
@@ -28,7 +28,7 @@
#include "lib/util/tevent_unix.h"
#include "lib/util/sys_rw.h"
#include "lib/util/sys_rw_data.h"
-#include "lib/msghdr.h"
+#include "lib/util/msghdr.h"
#include "smbprofile.h"
#if !defined(HAVE_STRUCT_MSGHDR_MSG_CONTROL) && !defined(HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTS)
diff --git a/source3/wscript_build b/source3/wscript_build
index ed2424d..365b250 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -783,11 +783,6 @@ bld.SAMBA3_SUBSYSTEM('tdb-wrap3',
source='lib/util_tdb.c',
deps='talloc samba3-util')
-bld.SAMBA3_LIBRARY('msghdr',
- source='lib/msghdr.c',
- deps='replace iov_buf',
- private_library=True)
-
bld.SAMBA3_LIBRARY('samba3-util',
source='''lib/util_sec.c lib/util_str.c lib/adt_tree.c lib/util_malloc.c lib/namearray.c lib/file_id.c''',
deps='samba-util charset',
@@ -1516,7 +1511,6 @@ bld.RECURSE('auth')
bld.RECURSE('libgpo/gpext')
bld.RECURSE('lib/pthreadpool')
bld.RECURSE('lib/asys')
-bld.RECURSE('lib/poll_funcs')
bld.RECURSE('lib/unix_msg')
bld.RECURSE('librpc')
bld.RECURSE('librpc/idl')
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 8c69351..36b3fd2 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -2077,8 +2077,16 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn)
if (transport == NCALRPC) {
uid_t uid;
gid_t gid;
+ int sock_fd;
- ret = getpeereid(socket_get_fd(srv_conn->socket), &uid, &gid);
+ sock_fd = socket_get_fd(srv_conn->socket);
+ if (sock_fd == -1) {
+ stream_terminate_connection(
+ srv_conn, "socket_get_fd failed\n");
+ return;
+ }
+
+ ret = getpeereid(sock_fd, &uid, &gid);
if (ret == -1) {
status = map_nt_error_from_unix_common(errno);
DEBUG(0, ("dcesrv_sock_accept: "
diff --git a/wscript_build b/wscript_build
index 27dc675..3813cff 100644
--- a/wscript_build
+++ b/wscript_build
@@ -43,6 +43,7 @@ bld.RECURSE('lib/texpect')
bld.RECURSE('lib/addns')
bld.RECURSE('lib/ldb')
bld.RECURSE('lib/param')
+bld.RECURSE('lib/poll_funcs')
bld.RECURSE('dynconfig')
bld.RECURSE('lib/util/charset')
bld.RECURSE('python')
--
Samba Shared Repository
More information about the samba-cvs
mailing list