[SCM] Samba Shared Repository - branch v4-11-test updated

Karolin Seeger kseeger at samba.org
Wed Apr 15 14:35:02 UTC 2020


The branch, v4-11-test has been updated
       via  34bfaafc77e s3/librpc/crypto: Fix double free with unresolved credential cache
      from  f7ff511bc26 testprogs: Add 'net ads join createupn' test also verifying the keytab

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -----------------------------------------------------------------
commit 34bfaafc77e35c8808452f678111c73bbbdd705d
Author: Noel Power <noel.power at suse.com>
Date:   Tue Apr 14 11:21:22 2020 +0100

    s3/librpc/crypto: Fix double free with unresolved credential cache
    
    We free gse_ctx->k5ctx but then free it again in the
    talloc dtor. This patch just lets the talloc dtor handle
    things and removes the extra krb5_free_context
    
    Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
    ==30762== Invalid read of size 8
    ==30762==    at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3)
    ==30762==    by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
    ==30762==    by 0x7945D2E: gse_context_destructor (gse.c:84)
    ==30762==    by 0x645FB49: _tc_free_internal (talloc.c:1157)
    ==30762==    by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
    ==30762==    by 0x646118D: _talloc_free (talloc.c:1789)
    ==30762==    by 0x79462E4: gse_context_init (gse.c:241)
    ==30762==    by 0x794636E: gse_init_client (gse.c:268)
    ==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
    ==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
    ==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
    ==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
    ==30762==  Address 0x17259928 is 40 bytes inside a block of size 496 free'd
    ==30762==    at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==30762==    by 0x79462CA: gse_context_init (gse.c:238)
    ==30762==    by 0x794636E: gse_init_client (gse.c:268)
    ==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
    ==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
    ==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
    ==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
    ==30762==    by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
    ==30762==    by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
    ==30762==    by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
    ==30762==    by 0xBC85622: gensec_update_send (gensec.c:449)
    ==30762==    by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997)
    ==30762==  Block was alloc'd at
    ==30762==    at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==30762==    by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
    ==30762==    by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
    ==30762==    by 0x794615B: gse_context_init (gse.c:209)
    ==30762==    by 0x794636E: gse_init_client (gse.c:268)
    ==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
    ==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
    ==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
    ==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
    ==30762==    by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
    ==30762==    by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
    ==30762==    by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
    ==30762==
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 34f8ab774d1484b0e60dbdec8ad2a1607ad92122)
    
    Autobuild-User(v4-11-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-11-test): Wed Apr 15 14:34:51 UTC 2020 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/librpc/crypto/gse.c | 4 ----
 1 file changed, 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 9a9f4261222..47dc1a0649a 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -234,10 +234,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 
 err_out:
-	if (gse_ctx->k5ctx) {
-		krb5_free_context(gse_ctx->k5ctx);
-	}
-
 	TALLOC_FREE(gse_ctx);
 	return status;
 }
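Review bot: At err_out, nothing now records that gse_ctx->k5ctx is released by the talloc destructor, so a later edit to this error path could easily reintroduce the explicit krb5_free_context() and with it the double free shown in the valgrind trace (free at gse.c:238, second free via gse_context_destructor at gse.c:84). Suggest a one-line comment above TALLOC_FREE(gse_ctx) stating that the destructor owns k5ctx. The removed block guarded the call with "if (gse_ctx->k5ctx)"; the destructor is not part of this hunk, so please confirm it carries the same NULL check and is already installed on every path that can jump to err_out, otherwise a failure before the krb5 context is created would either pass NULL to krb5_free_context() or leak the context.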


-- 
Samba Shared Repository


