[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Fri Mar 18 23:57:05 UTC 2016
The branch, master has been updated
via e806824 ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
via ac4dc0c s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
from e8e2386 s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e806824fc8841553102eefdd748b5c6d261f1bb7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Mar 16 12:46:12 2016 +1300
ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
ldb_base64_decode() returns -1 if a string can't be parsed as base64,
and this is not the kind of value you want to use in talloc_memdup().
In these cases it can happen innocently if the strings are truncated
to fit in their buffers.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Mar 19 00:56:42 CET 2016 on sn-devel-144
commit ac4dc0c678dddf1eab977dddfc4344d835be7824
Author: Shyamsunder Rathi <shyam.rathi at nutanix.com>
Date: Thu Mar 10 12:37:49 2016 -0800
s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
At present, substitutions in the streams directory path are ignored. Fix it
by modifying 'stream_dir' function to call 'lp_parm_talloc_string' which
internally calls 'lp_string' on the path.
Signed-off-by: Shyamsunder Rathi <shyam.rathi at nutanix.com>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb/common/ldb_controls.c | 31 +++++++++++++++++++++++++++----
source3/modules/vfs_streams_depot.c | 10 ++++++++--
2 files changed, 35 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index 7da0cf0..0fdd13a 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -507,8 +507,16 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->match.byOffset.contentCount = cc;
}
if (ctxid[0]) {
- control->ctxid_len = ldb_base64_decode(ctxid);
- control->contextId = talloc_memdup(control, ctxid, control->ctxid_len);
+ int len = ldb_base64_decode(ctxid);
+ if (len < 0) {
+ ldb_set_errstring(ldb,
+ "invalid VLV context_id\n");
+ talloc_free(ctrl);
+ return NULL;
+ }
+ control->ctxid_len = len;
+ control->contextId = talloc_memdup(control, ctxid,
+ control->ctxid_len);
} else {
control->ctxid_len = 0;
control->contextId = NULL;
@@ -552,7 +560,14 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->flags = flags;
control->max_attributes = max_attrs;
if (*cookie) {
- control->cookie_len = ldb_base64_decode(cookie);
+ int len = ldb_base64_decode(cookie);
+ if (len < 0) {
+ ldb_set_errstring(ldb,
+ "invalid dirsync cookie\n");
+ talloc_free(ctrl);
+ return NULL;
+ }
+ control->cookie_len = len;
control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len);
} else {
control->cookie = NULL;
@@ -597,7 +612,15 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
control->flags = flags;
control->max_attributes = max_attrs;
if (*cookie) {
- control->cookie_len = ldb_base64_decode(cookie);
+ int len = ldb_base64_decode(cookie);
+ if (len < 0) {
+ ldb_set_errstring(ldb,
+ "invalid dirsync_ex cookie"
+ " (probably too long)\n");
+ talloc_free(ctrl);
+ return NULL;
+ }
+ control->cookie_len = len;
control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len);
} else {
control->cookie = NULL;
diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c
index ef5ef64..5a97444 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -123,7 +123,7 @@ static char *stream_dir(vfs_handle_struct *handle,
struct file_id id;
uint8_t id_buf[16];
bool check_valid;
- const char *rootdir;
+ char *rootdir = NULL;
struct smb_filename *rootdir_fname = NULL;
struct smb_filename *tmp_fname = NULL;
@@ -137,9 +137,13 @@ static char *stream_dir(vfs_handle_struct *handle,
goto fail;
}
- rootdir = lp_parm_const_string(
+ rootdir = lp_parm_talloc_string(talloc_tos(),
SNUM(handle->conn), "streams_depot", "directory",
tmp);
+ if (rootdir == NULL) {
+ errno = ENOMEM;
+ goto fail;
+ }
rootdir_fname = synthetic_smb_fname(talloc_tos(),
rootdir,
@@ -329,12 +333,14 @@ static char *stream_dir(vfs_handle_struct *handle,
}
TALLOC_FREE(rootdir_fname);
+ TALLOC_FREE(rootdir);
TALLOC_FREE(tmp_fname);
TALLOC_FREE(smb_fname_hash);
return result;
fail:
TALLOC_FREE(rootdir_fname);
+ TALLOC_FREE(rootdir);
TALLOC_FREE(tmp_fname);
TALLOC_FREE(smb_fname_hash);
TALLOC_FREE(result);
--
Samba Shared Repository
More information about the samba-cvs
mailing list