[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Dec 6 23:38:01 UTC 2022
The branch, master has been updated
via 99480c50ca6 smbd: Close the opened file in smbd_smb2_create_after_exec() error case
via 9e9c5c14351 smbd: Centralize error handling in smbd_smb2_create_after_exec()
from 68fc909a7f4 CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 99480c50ca69826b1b2b46c22d6fdf5178c8733f
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 3 21:43:06 2022 +0100
smbd: Close the opened file in smbd_smb2_create_after_exec() error case
smbd_smb2_create_after_exec() is only called when the file has
successfully been opened. When this fails in the middle, we can't
leave the fsp around. Hard to test with current code, but with reparse
point handling we'll have a reproducable case soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 6 23:37:52 UTC 2022 on sn-devel-184
commit 9e9c5c143518490e269562e8ea66c3f1e3d8a816
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 3 21:42:49 2022 +0100
smbd: Centralize error handling in smbd_smb2_create_after_exec()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smb2_create.c | 52 ++++++++++++++++++++--------------------------
1 file changed, 23 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 34dd338a4a0..aba339014bb 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -1429,9 +1429,8 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
state->out_context_blobs,
SMB2_CREATE_TAG_MXAC,
blob);
- if (tevent_req_nterror(req, status)) {
- tevent_req_post(req, state->ev);
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
}
}
@@ -1465,9 +1464,8 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
DEBUG(10, ("smb2_create_send: smbXsrv_open_update "
"returned %s\n",
nt_errstr(status)));
- if (tevent_req_nterror(req, status)) {
- tevent_req_post(req, state->ev);
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
/*
@@ -1485,9 +1483,8 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
state->out_context_blobs,
SMB2_CREATE_TAG_DHNQ,
blob);
- if (tevent_req_nterror(req, status)) {
- tevent_req_post(req, state->ev);
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
}
@@ -1514,9 +1511,8 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
state->out_context_blobs,
SMB2_CREATE_TAG_DH2Q,
blob);
- if (tevent_req_nterror(req, status)) {
- tevent_req_post(req, state->ev);
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
}
@@ -1541,9 +1537,8 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
state->out_context_blobs,
SMB2_CREATE_TAG_QFID,
blob);
- if (tevent_req_nterror(req, status)) {
- tevent_req_post(req, state->ev);
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
}
@@ -1560,19 +1555,16 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
}
if (!smb2_lease_push(&lease, buf, lease_len)) {
- tevent_req_nterror(
- req, NT_STATUS_INTERNAL_ERROR);
- tevent_req_post(req, state->ev);
- return;
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
}
status = smb2_create_blob_add(
state, state->out_context_blobs,
SMB2_CREATE_TAG_RQLS,
data_blob_const(buf, lease_len));
- if (tevent_req_nterror(req, status)) {
- tevent_req_post(req, state->ev);
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
}
@@ -1589,10 +1581,8 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
conn, 0, psbuf, &owner, &group, NULL, 0);
if (cc_len == -1) {
- tevent_req_nterror(
- req, NT_STATUS_INSUFFICIENT_RESOURCES);
- tevent_req_post(req, state->ev);
- return;
+ status = NT_STATUS_INSUFFICIENT_RESOURCES;
+ goto fail;
}
{
@@ -1616,14 +1606,18 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
state->out_context_blobs,
SMB2_CREATE_TAG_POSIX,
blob);
- if (tevent_req_nterror(req, status)) {
- tevent_req_post(req, state->ev);
- return;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
}
}
}
return;
+
+fail:
+ close_file_free(state->smb1req, &state->result, ERROR_CLOSE);
+ tevent_req_nterror(req, status);
+ tevent_req_post(req, state->ev);
}
static void smbd_smb2_create_finish(struct tevent_req *req)
--
Samba Shared Repository
More information about the samba-cvs
mailing list