[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Mon Sep 20 14:32:02 UTC 2021


The branch, master has been updated
       via  8a93ef625fd s3: rpc_server: Avoid creating new handles when received an empty policy_handle
      from  cf4a868be50 debug: Remove "override_logfile"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8a93ef625fd348c1473c7a55bff480de05bdaf77
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Thu Sep 16 14:08:28 2021 +0200

    s3: rpc_server: Avoid creating new handles when received an empty policy_handle
    
    After merging s3 and s4 RPC handles implementations in commit
    70fa7e817e48c9faa3c6c7ae3749e4a8ebf3e6c2 a new empty handle is allocated
    when find_policy_by_hnd() or close_policy_hnd() is called with an empty
    policy_handle (see dcesrv_handle_lookup() implementation).
    
    This new behavior was causing a crash when running samba3.rpc.mdssvc test
    with log level >= 10, because a debug message in _mdssvc_close() was
    dereferencing the handle's associated data when called from
    test_mdssvc_close() with an empty policy_handle.
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Mon Sep 20 14:31:33 UTC 2021 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/rpc_handles.c | 9 +++++++++
 1 file changed, 9 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index 745ea4dd6ef..fea7454874c 100644
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -160,6 +160,15 @@ static struct dcesrv_handle *find_policy_by_hnd_internal(
 		*data_p = NULL;
 	}
 
+	/*
+	 * Do not pass an empty policy_handle to dcesrv_handle_lookup() or
+	 * it will create a new empty handle
+	 */
+	if (ndr_policy_handle_empty(hnd)) {
+		p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH;
+		return NULL;
+	}
+
 	/*
 	 * Do not pass handle_type to avoid setting the fault_state in the
 	 * pipes_struct if the handle type does not match
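
Review bot: the new ndr_policy_handle_empty(hnd) branch sets p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH unconditionally, yet the comment directly below it says the lookup deliberately avoids setting the fault_state when the handle type does not match. Please extend the new comment to say why an empty handle should fault the pipe where a type mismatch should not, and confirm that callers reaching this through find_policy_by_hnd() and close_policy_hnd() expect a fault rather than a plain NULL return. The diffstat shows only rpc_handles.c changed, so the debug message in _mdssvc_close() that the commit message names as the crash site is not touched here; a NULL check on the handle's associated data before that message dereferences it would keep the crash from coming back if the lookup behaviour changes again.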


-- 
Samba Shared Repository


