[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Mon May 27 14:30:01 UTC 2019
The branch, master has been updated
via e09053faf45 registry: add a missing include
via a1f95ba5db6 s3: winbind: Fix crash when invoking winbind idmap scripts.
from 412afb2aef1 Fix ubsan null pointer passed as argument 2
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e09053faf457f69ad9b5e6a34be43c947503575f
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 16 16:05:31 2019 +0200
registry: add a missing include
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon May 27 14:29:36 UTC 2019 on sn-devel-184
commit a1f95ba5db6fc017fad35377fbf76c048f2dd8ab
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 23 13:33:21 2019 -0700
s3: winbind: Fix crash when invoking winbind idmap scripts.
Previously the private context was caching a pointer to
a string returned from lp_XXX(). This string can change
on config file reload. Ensure the string is talloc_strup'ed
onto the owning context instead.
Reported by Heinrich Mislik <Heinrich.Mislik at univie.ac.at>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13956
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/registry/tests/test_regfio.c | 1 +
source3/winbindd/idmap_script.c | 20 ++++++++++++++++----
source3/winbindd/idmap_tdb2.c | 22 +++++++++++++++++-----
3 files changed, 34 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/registry/tests/test_regfio.c b/source3/registry/tests/test_regfio.c
index f945e653708..e835e65e0df 100644
--- a/source3/registry/tests/test_regfio.c
+++ b/source3/registry/tests/test_regfio.c
@@ -31,6 +31,7 @@
#include "includes.h"
#include "lib/replace/replace.h"
+#include "system/filesys.h"
#include "lib/util/samba_util.h"
#include "registry/regfio.h"
diff --git a/source3/winbindd/idmap_script.c b/source3/winbindd/idmap_script.c
index 7ad6b806fb8..f382f896b35 100644
--- a/source3/winbindd/idmap_script.c
+++ b/source3/winbindd/idmap_script.c
@@ -615,6 +615,7 @@ static NTSTATUS idmap_script_db_init(struct idmap_domain *dom)
NTSTATUS ret;
struct idmap_script_context *ctx;
const char * idmap_script = NULL;
+ const char *ctx_script = NULL;
DEBUG(10, ("%s called ...\n", __func__));
@@ -625,7 +626,7 @@ static NTSTATUS idmap_script_db_init(struct idmap_domain *dom)
goto failed;
}
- ctx->script = idmap_config_const_string(dom->name, "script", NULL);
+ ctx_script = idmap_config_const_string(dom->name, "script", NULL);
/* Do we even need to handle this? */
idmap_script = lp_parm_const_string(-1, "idmap", "script", NULL);
@@ -634,13 +635,24 @@ static NTSTATUS idmap_script_db_init(struct idmap_domain *dom)
" Please use 'idmap config * : script' instead!\n"));
}
- if (strequal(dom->name, "*") && ctx->script == NULL) {
+ if (strequal(dom->name, "*") && ctx_script == NULL) {
/* fall back to idmap:script for backwards compatibility */
- ctx->script = idmap_script;
+ ctx_script = idmap_script;
}
- if (ctx->script) {
+ if (ctx_script) {
DEBUG(1, ("using idmap script '%s'\n", ctx->script));
+ /*
+ * We must ensure this memory is owned by ctx.
+ * The ctx_script const pointer is a pointer into
+ * the config file data and may become invalid
+ * on config file reload. BUG: 13956
+ */
+ ctx->script = talloc_strdup(ctx, ctx_script);
+ if (ctx->script == NULL) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
}
dom->private_data = ctx;
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index b784546bb33..eceab9c0784 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -522,6 +522,7 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
struct idmap_tdb_common_context *commonctx;
struct idmap_tdb2_context *ctx;
const char * idmap_script = NULL;
+ const char *ctx_script = NULL;
commonctx = talloc_zero(dom, struct idmap_tdb_common_context);
if(!commonctx) {
@@ -543,7 +544,7 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
goto failed;
}
- ctx->script = idmap_config_const_string(dom->name, "script", NULL);
+ ctx_script = idmap_config_const_string(dom->name, "script", NULL);
idmap_script = lp_parm_const_string(-1, "idmap", "script", NULL);
if (idmap_script != NULL) {
@@ -551,13 +552,24 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
" Please use 'idmap config * : script' instead!\n"));
}
- if (strequal(dom->name, "*") && ctx->script == NULL) {
+ if (strequal(dom->name, "*") && ctx_script == NULL) {
/* fall back to idmap:script for backwards compatibility */
- ctx->script = idmap_script;
+ ctx_script = idmap_script;
}
- if (ctx->script) {
- DEBUG(1, ("using idmap script '%s'\n", ctx->script));
+ if (ctx_script) {
+ DEBUG(1, ("using idmap script '%s'\n", ctx_script));
+ /*
+ * We must ensure this memory is owned by ctx.
+ * The ctx_script const pointer is a pointer into
+ * the config file data and may become invalid
+ * on config file reload. BUG: 13956
+ */
+ ctx->script = talloc_strdup(ctx, ctx_script);
+ if (ctx->script == NULL) {
+ ret = NT_STATUS_NO_MEMORY;
+ goto failed;
+ }
}
commonctx->max_id = dom->high_id;
--
Samba Shared Repository
More information about the samba-cvs
mailing list