[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Mar 1 21:00:02 UTC 2022
The branch, master has been updated
via 8c97743511e smbd: Fix a use-after-free
via 579c475fa62 smbd: Fix a typo
via 40b7c862b47 vfs: Set errno in an error return
via 2b6e557ec46 vfs: Fix a typo
via bdf68d64300 vfs: Fix a typo
via cb0201973c5 lib: Simplify parent_dirname() by using talloc_strndup()
via d255044e2ab lib: Use cp_smb_filename_nostream() in adouble_path()
from 9eb27f296ae third_party/heimdal_build: Determine whether time_t is signed
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8c97743511e4d53f795f2469a28aabfb96da0dfa
Author: Volker Lendecke <vl at samba.org>
Date: Wed Feb 23 15:56:41 2022 +0100
smbd: Fix a use-after-free
stat_cache_lookup() allocates its result on top of talloc_tos().
filename_convert_smb1_search_path() creates a talloc_stackframe(),
which makes the names which were supposed to be allocated on the "ctx"
parameter of filename_convert_smb1_search_path() go away too
early. Reparent the results from stat_cache_lookup() properly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14989
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 1 20:59:55 UTC 2022 on sn-devel-184
commit 579c475fa6293017fd4137fa99a0ae091dfdfcad
Author: Volker Lendecke <vl at samba.org>
Date: Wed Feb 23 15:47:45 2022 +0100
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 40b7c862b47b87e5d3fc36212e2658382bdae02b
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 22 17:12:44 2022 +0100
vfs: Set errno in an error return
Don't leak an unrelated errno
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2b6e557ec46164e5bd7003199eef0193c66cf4a9
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 22 17:12:34 2022 +0100
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bdf68d64300a63450fb0873f7885221c748b7cbb
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 22 15:49:37 2022 +0100
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cb0201973c54cee2988331572f0f111e6d458ad4
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 22 15:46:14 2022 +0100
lib: Simplify parent_dirname() by using talloc_strndup()
Don't duplicate the talloc_strndup() functionality.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d255044e2ab971ea39f0eed25e5c53a0c56d3a3a
Author: Volker Lendecke <vl at samba.org>
Date: Tue Feb 22 15:42:41 2022 +0100
lib: Use cp_smb_filename_nostream() in adouble_path()
No need to TALLOC_FREE(smb_fname->stream_name) later
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/lib/adouble.c | 9 +++------
source3/lib/util.c | 4 ++--
source3/modules/nfs4acl_xattr_nfs.c | 2 +-
source3/modules/vfs_fruit.c | 3 ++-
source3/smbd/filename.c | 7 +++++++
source3/smbd/statcache.c | 2 +-
6 files changed, 16 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
index dda7a5ec05f..ef48d1aa73a 100644
--- a/source3/lib/adouble.c
+++ b/source3/lib/adouble.c
@@ -2757,17 +2757,14 @@ int adouble_path(TALLOC_CTX *ctx,
{
char *parent;
const char *base;
- struct smb_filename *smb_fname = cp_smb_filename(ctx,
- smb_fname_in);
+ struct smb_filename *smb_fname = NULL;
+ smb_fname = cp_smb_filename_nostream(ctx, smb_fname_in);
if (smb_fname == NULL) {
return -1;
}
- /* We need streamname to be NULL */
- TALLOC_FREE(smb_fname->stream_name);
-
- /* And we're replacing base_name. */
+ /* We're replacing base_name. */
TALLOC_FREE(smb_fname->base_name);
SET_STAT_INVALID(smb_fname->st);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 58a42ef2f53..d39ad61db20 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1429,10 +1429,10 @@ bool parent_dirname(TALLOC_CTX *mem_ctx, const char *dir, char **parent,
len = p-dir;
- if (!(*parent = (char *)talloc_memdup(mem_ctx, dir, len+1))) {
+ *parent = talloc_strndup(mem_ctx, dir, len);
+ if (*parent == NULL) {
return False;
}
- (*parent)[len] = '\0';
if (name) {
*name = p+1;
diff --git a/source3/modules/nfs4acl_xattr_nfs.c b/source3/modules/nfs4acl_xattr_nfs.c
index 63726c3b29d..59e02bf1577 100644
--- a/source3/modules/nfs4acl_xattr_nfs.c
+++ b/source3/modules/nfs4acl_xattr_nfs.c
@@ -351,7 +351,7 @@ static bool create_special_id(TALLOC_CTX *mem_ctx,
char *s = talloc_strdup(mem_ctx, id);
if (s == NULL) {
- DBG_ERR("talloc_memdup failed\n");
+ DBG_ERR("talloc_strdup failed\n");
return false;
}
nace->who.utf8string_val = s;
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index e84c4c98d37..e54e0903c40 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -1563,7 +1563,7 @@ static int fruit_open_rsrc_adouble(vfs_handle_struct *handle,
if ((!(flags & O_CREAT)) &&
S_ISDIR(fsp->base_fsp->fsp_name->st.st_ex_mode))
{
- /* sorry, but directories don't habe a resource fork */
+ /* sorry, but directories don't have a resource fork */
errno = EISDIR;
rc = -1;
goto exit;
@@ -1721,6 +1721,7 @@ static int fruit_open_rsrc(vfs_handle_struct *handle,
default:
DBG_ERR("Unexpected rsrc config [%d]\n", config->rsrc);
+ errno = EINVAL;
return -1;
}
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 33aed86718f..123fe951639 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1141,6 +1141,13 @@ NTSTATUS unix_convert(TALLOC_CTX *mem_ctx,
&state->name,
state->smb_fname->twrp,
&state->smb_fname->st);
+ /*
+ * stat_cache_lookup() allocates on talloc_tos() even
+ * when !found, reparent correctly
+ */
+ talloc_steal(state->smb_fname, state->smb_fname->base_name);
+ talloc_steal(state->mem_ctx, state->dirpath);
+
if (found) {
goto done;
}
diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index f8d58214c45..4138a9287ad 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -190,7 +190,7 @@ void stat_cache_add( const char *full_orig_name,
* of the name up.
* @param psd A stat buffer, NOT from the cache, but just a side-effect.
*
- * @return True if we translated (and did a scuccessful stat on) the entire
+ * @return True if we translated (and did a successful stat on) the entire
* name.
*
*/
--
Samba Shared Repository
More information about the samba-cvs
mailing list