[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Oct 27 02:55:02 UTC 2017


The branch, master has been updated
       via  3271908 s3:modules: Check correct variable for NULL in posixacl_xattr
       via  5274beb s3:passdb: Make sure the salt is fully initialized before passing
       via  d6a418c s3:secrets: Do not leak memory of pw and old_pw
      from  4f45843 s3:vfs_glusterfs: Use SAFE_FREE

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 327190893f5f3352a2e6abc4872b54092ee7de68
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Oct 25 19:55:32 2017 +0200

    s3:modules: Check correct variable for NULL in posixacl_xattr
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Oct 27 04:54:22 CEST 2017 on sn-devel-144

commit 5274beba4cf722a34403dc07bf287815a6df6281
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Oct 25 19:50:57 2017 +0200

    s3:passdb: Make sure the salt is fully initialized before passing
    
    Otherwise the magic member is not initialized.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit d6a418c13f0a41851ecc0579765502e076a5cd3b
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Oct 25 19:30:28 2017 +0200

    s3:secrets: Do not leak memory of pw and old_pw
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/posixacl_xattr.c         |  2 +-
 source3/passdb/machine_account_secrets.c | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/posixacl_xattr.c b/source3/modules/posixacl_xattr.c
index 759d372..8f6f365 100644
--- a/source3/modules/posixacl_xattr.c
+++ b/source3/modules/posixacl_xattr.c
@@ -384,7 +384,7 @@ SMB_ACL_T posixacl_xattr_acl_get_file(vfs_handle_struct *handle,
 		TALLOC_CTX *frame = talloc_stackframe();
 		struct smb_filename *smb_fname_tmp =
 			cp_smb_filename_nostream(frame, smb_fname);
-		if (smb_fname == NULL) {
+		if (smb_fname_tmp == NULL) {
 			errno = ENOMEM;
 			ret = -1;
 		} else {
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 5a0f7a8..75f31cb 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1090,8 +1090,10 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		return krb5_ret;
 	}
 
-	salt.data = discard_const(salt_data);
-	salt.length = strlen(salt_data);
+	salt = (krb5_data) {
+		.data = discard_const(salt_data),
+		.length = strlen(salt_data),
+	};
 
 	ok = convert_string_talloc(keys, CH_UTF16MUNGED, CH_UTF8,
 				   p->cleartext_blob.data,
@@ -1367,6 +1369,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 		DBG_ERR("secrets_fetch_domain_sid(%s) failed\n",
 			domain);
 		dbwrap_transaction_cancel(db);
+		SAFE_FREE(old_pw);
+		SAFE_FREE(pw);
 		TALLOC_FREE(frame);
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	}
@@ -1381,6 +1385,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 	if (info->account_name == NULL) {
 		DBG_ERR("talloc_asprintf(%s$) failed\n", info->computer_name);
 		dbwrap_transaction_cancel(db);
+		SAFE_FREE(old_pw);
+		SAFE_FREE(pw);
 		TALLOC_FREE(frame);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1418,6 +1424,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 			DBG_ERR("talloc_asprintf(%s#%02X) failed\n",
 				domain, NBT_NAME_PDC);
 			dbwrap_transaction_cancel(db);
+			SAFE_FREE(pw);
+			SAFE_FREE(old_pw);
 			TALLOC_FREE(frame);
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -1438,6 +1446,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 		p = kerberos_secrets_fetch_salt_princ();
 		if (p == NULL) {
 			dbwrap_transaction_cancel(db);
+			SAFE_FREE(old_pw);
+			SAFE_FREE(pw);
 			TALLOC_FREE(frame);
 			return NT_STATUS_INTERNAL_ERROR;
 		}
@@ -1445,6 +1455,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 		SAFE_FREE(p);
 		if (info->salt_principal == NULL) {
 			dbwrap_transaction_cancel(db);
+			SAFE_FREE(pw);
+			SAFE_FREE(old_pw);
 			TALLOC_FREE(frame);
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -1459,6 +1471,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 						     info->salt_principal,
 						     last_set_nt, server,
 						     &info->password);
+	SAFE_FREE(pw);
 	if (!NT_STATUS_IS_OK(status)) {
 		DBG_ERR("secrets_domain_info_password_create(pw) failed "
 			"for %s - %s\n", domain, nt_errstr(status));
@@ -1476,6 +1489,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 							     info->salt_principal,
 							     0, server,
 							     &info->old_password);
+		SAFE_FREE(old_pw);
 		if (!NT_STATUS_IS_OK(status)) {
 			DBG_ERR("secrets_domain_info_password_create(old) failed "
 				"for %s - %s\n", domain, nt_errstr(status));


-- 
Samba Shared Repository



More information about the samba-cvs mailing list