[SCM] Samba Shared Repository - branch v4-17-test updated

Jule Anger janger at samba.org
Tue Oct 18 14:29:01 UTC 2022


The branch, v4-17-test has been updated
       via  93d6f403e38 s3/utils: check result of talloc_strdup
       via  d5e39d1ba70 s3/utils: Check return of talloc_strdup
       via  fac483e3dad s3/param: Check return of talloc_strdup
       via  ee2858ab4ff s4/lib/registry: Fix use after free with popt 1.19
       via  21890fcb526 s3/utils: Fix use after free with popt 1.19
       via  3a9733ce71f s3/utils: Fix use after free with popt 1.19
       via  1e8652100da s3/utils: Add missing poptFreeContext
       via  4c03cfd6b67 s3/param: Fix use after free with popt-1.19
       via  e0ae633216d s3/rpcclient: Duplicate string returned from poptGetArg
       via  a1453f16aea vfs_fruit: add missing calls to tevent_req_received()
       via  54d4b0f607e s3: VFS: fruit. Implement fsync_send()/fsync_recv().
       via  4c6b7983ed5 s4: smbtorture: Add fsync_resource_fork test to fruit tests.
       via  6d05908e3ca smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
       via  4a44febbc46 smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
       via  fd4c80fcc6f smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
       via  abc48aec20a smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
       via  41e016e41c5 smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
      from  cb27978c461 vfs_glusterfs: Remove special handling of O_CREAT flag

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test


- Log -----------------------------------------------------------------
commit 93d6f403e38de68681257c5239ae764c9fbb3353
Author: Noel Power <noel.power at suse.com>
Date:   Mon Oct 17 10:27:31 2022 +0100

    s3/utils: check result of talloc_strdup
    
    follow to commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon Oct 17 19:49:37 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 0326549a052c22e4929e3760fd5011c35e32fe33)
    
    Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-17-test): Tue Oct 18 14:28:13 UTC 2022 on sn-devel-184

commit d5e39d1ba700a530b977707314237020455cd28c
Author: Noel Power <noel.power at suse.com>
Date:   Mon Oct 17 10:25:00 2022 +0100

    s3/utils: Check return of talloc_strdup
    
    followup to e82699fcca3716d9ed0450263fd83f948de8ffbe
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 972127daddc7a32d23fb84d97102557035b06f5b)

commit fac483e3dad9855e82d84fda20fea69aebd54759
Author: Noel Power <noel.power at suse.com>
Date:   Mon Oct 17 10:17:34 2022 +0100

    s3/param: Check return of talloc_strdup
    
    followup to commit ff003fc87b8164610dfd6572347c05308c4b2fd7
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 19eb88bc53e481327bbd437b0c145d5765c6dcec)

commit ee2858ab4ff029f5df414bd74c6742a969b31093
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:53:53 2022 +0100

    s4/lib/registry: Fix use after free with popt 1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==6357== Command: ./bin/regpatch file
    ==6357==
    Can't load /home/npower/samba-back/INSTALL_DIR/etc/smb.conf - run testparm to debug it
    ==6357== Syscall param openat(filename) points to unaddressable byte(s)
    ==6357==    at 0x4BFE535: open (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4861432: reg_diff_load (patchfile.c:345)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d1 is 1 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4B83DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    Error reading registry patch file `file'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 7e0e3f47cd67e4cadc101691cd14837f45d9506a)

commit 21890fcb52668d82fb127393bbc11439fddc0c08
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:45:13 2022 +0100

    s3/utils: Fix use after free with popt 1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==6055== Command: ./bin/testparm /etc/samba/smb.conf
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4C44DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab72 is 2 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    Load smb config files from /etc/samba/smb.conf
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 8
    ==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 2
    ==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 8
    ==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 2
    ==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3)

commit 3a9733ce71fe878eacf0eadeeb681f2b8cc35e96
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:35:51 2022 +0100

    s3/utils: Fix use after free with popt 1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==5914== Invalid read of size 1
    ==5914==    at 0x4FDF740: strlcpy (in /usr/lib64/libbsd.so.0.11.6)
    ==5914==    by 0x49E09A9: tdbsam_getsampwnam (pdb_tdb.c:583)
    ==5914==    by 0x49D94E5: pdb_getsampwnam (pdb_interface.c:340)
    ==5914==    by 0x10DED1: print_user_info (pdbedit.c:372)
    ==5914==    by 0x111413: main (pdbedit.c:1324)
    ==5914==  Address 0x73b6750 is 0 bytes inside a block of size 7 free'd
    ==5914==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5914==    by 0x4C508B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5914==    by 0x4C515D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5914==    by 0x1113E6: main (pdbedit.c:1323)
    ==5914==  Block was alloc'd at
    ==5914==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5914==    by 0x4C522EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5914==    by 0x110AE5: main (pdbedit.c:1137)
    ==5914==
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit e82699fcca3716d9ed0450263fd83f948de8ffbe)

commit 1e8652100da0472157d47c788877414cdf92b797
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:26:24 2022 +0100

    s3/utils: Add missing poptFreeContext
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 31d3d10b260f05080ca0a3cf9434aa4704d60739)

commit 4c03cfd6b67f634de9d577e10d618435b401f6b1
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:23:37 2022 +0100

    s3/param: Fix use after free with popt-1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 8
    ==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 2
    ==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 8
    ==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 2
    ==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit ff003fc87b8164610dfd6572347c05308c4b2fd7)

commit e0ae633216db2519c268df802de2df1e150c8f1c
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 10:03:17 2022 +0100

    s3/rpcclient: Duplicate string returned from poptGetArg
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==4407== Invalid read of size 1
    ==4407==    at 0x146263: main (rpcclient.c:1262)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x14627D: main (rpcclient.c:1263)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 8
    ==4407==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
    ==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
    ==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit d26d3d9bff61f796c9c9ab54990ea078f575ab1e)

commit a1453f16aea30c10a1082f419f7a45424eea8597
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Oct 6 14:31:08 2022 +0200

    vfs_fruit: add missing calls to tevent_req_received()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    (cherry picked from commit a7fba3ff5996330158d3cc6bc24746a59492b690)

commit 54d4b0f607e7169b0044fde254c41b8579dcc903
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 20 13:25:22 2022 -0700

    s3: VFS: fruit. Implement fsync_send()/fsync_recv().
    
    For type == ADOUBLE_META, fio->fake_fd is true so
    writes are already synchronous, just call tevent_req_post().
    
    For type == ADOUBLE_RSRC we know we are configured
    with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream()
    returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND()
    after replacing fsp with fio->ad_fsp.
    
    Remove knownfail.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    (cherry picked from commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0)

commit 4c6b7983ed5982c283d9663b447c57e3cc7ea615
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 20 12:08:29 2022 -0700

    s4: smbtorture: Add fsync_resource_fork test to fruit tests.
    
    This shows we currently hang when sending an SMB2_OP_FLUSH on
    an AFP_Resource fork.
    
    Adds knownfail.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    (cherry picked from commit 1b8a8732848169c632af12b7c2b4cd3ee73be244)

commit 6d05908e3ca1be4e3eb0ed059630648c5c980033
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 12 14:57:18 2022 +0200

    smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
    
    If we get NT_STATUS_OBJECT_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
    we should just keep the connection and overwrite the stale record in
    smbXsrv_client_global.tdb. It's basically a race with serverid_exists()
    and a process that doesn't cleanly teardown.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 5d66d5b84f87267243dcd5223210906ce589af91)

commit 4a44febbc4663bfdcfe4f9a43b491484dd09808c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 12 14:15:53 2022 +0200

    smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
    
    This will simplify the following changes...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 8c8d8cf01e01c2726d03fa1c81e0ce9992ee736c)

commit fd4c80fcc6f591efe2ab754ae9e77fb643513d19
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 12 13:54:41 2022 +0200

    smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
    
    dbwrap_watched_watch_send() should typically be the last thing to call
    before the db record is unlocked, as it's not that easy to undo.
    
    In future we want to recover from smb2srv_client_connection_{pass,drop}()
    returning NT_STATUS_OBJECT_NAME_NOT_FOUND and it would add complexity if
    would need to undo dbwrap_watched_watch_send() at that point.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 56c597bc2b29dc3e555f737ba189f521d0e31e8c)

commit abc48aec20a40c2a3cf0be953341a3bfd0d489ac
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 12 13:40:26 2022 +0200

    smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
    
    DBG_WARNING() already adds the function name as prefix.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit acb3d821deaf06faa16f6428682ecdb02babeb98)

commit 41e016e41c5162d736a1cf00fc873507e4b1e767
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 12 13:30:32 2022 +0200

    smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
    
    If we hit a race, when a client disconnects the connection after the initial
    SMB2 Negotiate request, before the connection is completely passed to
    process serving the given client guid, the temporary smbd which accepted the
    new connection may already detected the disconnect and exitted before
    the long term smbd servicing the client guid was able to send the
    MSG_SMBXSRV_CONNECTION_PASSED message.
    
    The result was a log message like this:
    
      smbXsrv_client_connection_pass_loop: smb2srv_client_connection_passed() failed => NT_STATUS_OBJECT_NAME_NOT_FOUND
    
    and all connections belonging to the client guid were dropped,
    because we called exit_server_cleanly().
    
    Now we ignore NT_STATUS_OBJECT_NAME_NOT_FOUND from
    smb2srv_client_connection_passed() and let the normal
    event loop detect the broken connection, so that only
    that connection is terminated (not the whole smbd process).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 636ec45c93ad040ba70296aa543884c145b3e789)

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_fruit.c           | 114 +++++++++++++++++++++++++++++++++-
 source3/param/test_lp_load.c          |   7 ++-
 source3/rpcclient/rpcclient.c         |   2 +-
 source3/smbd/smbXsrv_client.c         |  99 +++++++++++++++++++++++------
 source3/utils/mdsearch.c              |   1 +
 source3/utils/pdbedit.c               |  12 +++-
 source3/utils/testparm.c              |  11 +++-
 source4/lib/registry/tools/regpatch.c |   2 +-
 source4/torture/vfs/fruit.c           |  80 ++++++++++++++++++++++++
 9 files changed, 300 insertions(+), 28 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 13033096dc9..4058d4834e7 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2635,13 +2635,17 @@ static ssize_t fruit_pread_recv(struct tevent_req *req,
 {
 	struct fruit_pread_state *state = tevent_req_data(
 		req, struct fruit_pread_state);
+	ssize_t retval = -1;
 
 	if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+		tevent_req_received(req);
 		return -1;
 	}
 
 	*vfs_aio_state = state->vfs_aio_state;
-	return state->nread;
+	retval = state->nread;
+	tevent_req_received(req);
+	return retval;
 }
 
 static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle,
@@ -3062,13 +3066,117 @@ static ssize_t fruit_pwrite_recv(struct tevent_req *req,
 {
 	struct fruit_pwrite_state *state = tevent_req_data(
 		req, struct fruit_pwrite_state);
+	ssize_t retval = -1;
+
+	if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+		tevent_req_received(req);
+		return -1;
+	}
+
+	*vfs_aio_state = state->vfs_aio_state;
+	retval = state->nwritten;
+	tevent_req_received(req);
+	return retval;
+}
+
+struct fruit_fsync_state {
+	int ret;
+	struct vfs_aio_state vfs_aio_state;
+};
+
+static void fruit_fsync_done(struct tevent_req *subreq);
+
+static struct tevent_req *fruit_fsync_send(
+	struct vfs_handle_struct *handle,
+	TALLOC_CTX *mem_ctx,
+	struct tevent_context *ev,
+	struct files_struct *fsp)
+{
+	struct tevent_req *req = NULL;
+	struct tevent_req *subreq = NULL;
+	struct fruit_fsync_state *state = NULL;
+	struct fio *fio = fruit_get_complete_fio(handle, fsp);
+
+	req = tevent_req_create(mem_ctx, &state,
+				struct fruit_fsync_state);
+	if (req == NULL) {
+		return NULL;
+	}
+
+	if (fruit_must_handle_aio_stream(fio)) {
+		struct adouble *ad = NULL;
+
+		if (fio->type == ADOUBLE_META) {
+			/*
+			 * We must never pass a fake_fd
+			 * to lower level fsync calls.
+			 * Everything is already done
+			 * synchronously, so just return
+			 * true.
+			 */
+			SMB_ASSERT(fio->fake_fd);
+			tevent_req_done(req);
+			return tevent_req_post(req, ev);
+		}
+
+		/*
+		 * We know the following must be true,
+		 * as it's the condition for fruit_must_handle_aio_stream()
+		 * to return true if fio->type == ADOUBLE_RSRC.
+		 */
+		SMB_ASSERT(fio->config->rsrc == FRUIT_RSRC_ADFILE);
+		if (fio->ad_fsp == NULL) {
+			tevent_req_error(req, EBADF);
+			return tevent_req_post(req, ev);
+		}
+		ad = ad_fget(talloc_tos(), handle, fio->ad_fsp, ADOUBLE_RSRC);
+		if (ad == NULL) {
+			tevent_req_error(req, ENOMEM);
+			return tevent_req_post(req, ev);
+		}
+		fsp = fio->ad_fsp;
+	}
+
+	subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
+	if (tevent_req_nomem(req, subreq)) {
+		return tevent_req_post(req, ev);
+	}
+	tevent_req_set_callback(subreq, fruit_fsync_done, req);
+	return req;
+}
+
+static void fruit_fsync_done(struct tevent_req *subreq)
+{
+	struct tevent_req *req = tevent_req_callback_data(
+		subreq, struct tevent_req);
+	struct fruit_fsync_state *state = tevent_req_data(
+		req, struct fruit_fsync_state);
+
+	state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
+	TALLOC_FREE(subreq);
+	if (state->ret != 0) {
+		tevent_req_error(req, errno);
+		return;
+	}
+	tevent_req_done(req);
+}
+
+static int fruit_fsync_recv(struct tevent_req *req,
+					struct vfs_aio_state *vfs_aio_state)
+{
+	struct fruit_fsync_state *state = tevent_req_data(
+		req, struct fruit_fsync_state);
+	int retval = -1;
 
 	if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
+		tevent_req_received(req);
 		return -1;
 	}
 
 	*vfs_aio_state = state->vfs_aio_state;
-	return state->nwritten;
+	retval = state->ret;
+	tevent_req_received(req);
+	return retval;
 }
 
 /**
@@ -5305,6 +5413,8 @@ static struct vfs_fn_pointers vfs_fruit_fns = {
 	.pread_recv_fn = fruit_pread_recv,
 	.pwrite_send_fn = fruit_pwrite_send,
 	.pwrite_recv_fn = fruit_pwrite_recv,
+	.fsync_send_fn = fruit_fsync_send,
+	.fsync_recv_fn = fruit_fsync_recv,
 	.stat_fn = fruit_stat,
 	.lstat_fn = fruit_lstat,
 	.fstat_fn = fruit_fstat,
diff --git a/source3/param/test_lp_load.c b/source3/param/test_lp_load.c
index 2c6a5c8891b..9f3d5516805 100644
--- a/source3/param/test_lp_load.c
+++ b/source3/param/test_lp_load.c
@@ -82,7 +82,12 @@ int main(int argc, const char **argv)
 	}
 
 	if (poptPeekArg(pc)) {
-		config_file = poptGetArg(pc);
+		config_file = talloc_strdup(frame, poptGetArg(pc));
+		if (config_file == NULL) {
+			DBG_ERR("out of memory\n");
+			TALLOC_FREE(frame);
+			exit(1);
+		}
 	} else {
 		config_file = get_dyn_CONFIGFILE();
 	}
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 4042d0d60be..27fe5d705c6 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -1238,7 +1238,7 @@ out_free:
 	/* Get server as remaining unparsed argument.  Print usage if more
 	   than one unparsed argument is present. */
 
-	server = poptGetArg(pc);
+	server = talloc_strdup(frame, poptGetArg(pc));
 
 	if (!server || poptGetArg(pc)) {
 		poptPrintHelp(pc, stderr, 0);
diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c
index d7a6fa35bf0..f57bc724910 100644
--- a/source3/smbd/smbXsrv_client.c
+++ b/source3/smbd/smbXsrv_client.c
@@ -189,6 +189,7 @@ static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
 					bool *is_free,
 					bool *was_free,
 					TALLOC_CTX *mem_ctx,
+					const struct server_id *dead_server_id,
 					struct smbXsrv_client_global0 **_g,
 					uint32_t *pseqnum)
 {
@@ -198,6 +199,7 @@ static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
 	struct smbXsrv_client_globalB global_blob;
 	enum ndr_err_code ndr_err;
 	struct smbXsrv_client_global0 *global = NULL;
+	bool dead = false;
 	bool exists;
 	TALLOC_CTX *frame = talloc_stackframe();
 
@@ -231,8 +233,7 @@ static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
 			(ndr_pull_flags_fn_t)ndr_pull_smbXsrv_client_globalB);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
-		DBG_WARNING("smbXsrv_client_global_verify_record: "
-			    "key '%s' ndr_pull_struct_blob - %s\n",
+		DBG_WARNING("key '%s' ndr_pull_struct_blob - %s\n",
 			    hex_encode_talloc(frame, key.dptr, key.dsize),
 			    nt_errstr(status));
 		TALLOC_FREE(frame);
@@ -255,6 +256,22 @@ static void smbXsrv_client_global_verify_record(struct db_record *db_rec,
 
 	global = global_blob.info.info0;
 
+	dead = server_id_equal(dead_server_id, &global->server_id);
+	if (dead) {
+		struct server_id_buf tmp;
+
+		DBG_NOTICE("key '%s' server_id %s is already dead.\n",
+			   hex_encode_talloc(frame, key.dptr, key.dsize),
+			   server_id_str_buf(global->server_id, &tmp));
+		if (DEBUGLVL(DBGLVL_NOTICE)) {
+			NDR_PRINT_DEBUG(smbXsrv_client_globalB, &global_blob);
+		}
+		TALLOC_FREE(frame);
+		dbwrap_record_delete(db_rec);
+		*is_free = true;
+		return;
+	}
+
 	exists = serverid_exists(&global->server_id);
 	if (!exists) {
 		struct server_id_buf tmp;
@@ -472,6 +489,7 @@ struct smb2srv_client_mc_negprot_state {
 	struct db_record *db_rec;
 	uint64_t watch_instance;
 	uint32_t last_seqnum;
+	struct tevent_req *filter_subreq;
 };
 
 static void smb2srv_client_mc_negprot_cleanup(struct tevent_req *req,
@@ -534,7 +552,9 @@ static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
 	struct tevent_req *subreq = NULL;
 	NTSTATUS status;
 	uint32_t seqnum = 0;
+	struct server_id last_server_id = { .pid = 0, };
 
+	TALLOC_FREE(state->filter_subreq);
 	SMB_ASSERT(state->db_rec == NULL);
 	state->db_rec = smbXsrv_client_global_fetch_locked(table->global.db_ctx,
 							   &client_guid,
@@ -544,10 +564,14 @@ static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
 		return;
 	}
 
+verify_again:
+	TALLOC_FREE(global);
+
 	smbXsrv_client_global_verify_record(state->db_rec,
 					    &is_free,
 					    NULL,
 					    state,
+					    &last_server_id,
 					    &global,
 					    &seqnum);
 	if (is_free) {
@@ -601,6 +625,16 @@ static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
 		return;
 	}
 
+	/*
+	 * If last_server_id is set, we expect
+	 * smbXsrv_client_global_verify_record()
+	 * to detect the already dead global->server_id
+	 * as state->db_rec is still locked and its
+	 * value didn't change.
+	 */
+	SMB_ASSERT(last_server_id.pid == 0);
+	last_server_id = global->server_id;
+
 	if (procid_is_local(&global->server_id)) {
 		subreq = messaging_filtered_read_send(state,
 						      state->ev,
@@ -611,6 +645,37 @@ static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
 			return;
 		}
 		tevent_req_set_callback(subreq, smb2srv_client_mc_negprot_done, req);
+		state->filter_subreq = subreq;
+	}
+
+	if (procid_is_local(&global->server_id)) {
+		status = smb2srv_client_connection_pass(state->smb2req,
+							global);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			/*
+			 * We remembered last_server_id = global->server_id
+			 * above, so we'll treat it as dead in the
+			 * next round to smbXsrv_client_global_verify_record().
+			 */
+			goto verify_again;
+		}
+		if (tevent_req_nterror(req, status)) {
+			return;
+		}
+	} else {
+		status = smb2srv_client_connection_drop(state->smb2req,
+							global);
+		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+			/*
+			 * We remembered last_server_id = global->server_id
+			 * above, so we'll treat it as dead in the
+			 * next round to smbXsrv_client_global_verify_record().
+			 */
+			goto verify_again;
+		}
+		if (tevent_req_nterror(req, status)) {
+			return;
+		}
 	}
 
 	/*
@@ -644,22 +709,7 @@ static void smb2srv_client_mc_negprot_next(struct tevent_req *req)
 	}
 	tevent_req_set_callback(subreq, smb2srv_client_mc_negprot_watched, req);
 
-	if (procid_is_local(&global->server_id)) {
-		status = smb2srv_client_connection_pass(state->smb2req,
-							global);
-		TALLOC_FREE(global);
-		if (tevent_req_nterror(req, status)) {
-			return;
-		}
-	} else {
-		status = smb2srv_client_connection_drop(state->smb2req,
-							global);
-		TALLOC_FREE(global);
-		if (tevent_req_nterror(req, status)) {
-			return;
-		}
-	}
-
+	TALLOC_FREE(global);
 	TALLOC_FREE(state->db_rec);
 	return;
 }
@@ -694,6 +744,9 @@ static void smb2srv_client_mc_negprot_done(struct tevent_req *subreq)
 	NTSTATUS status;
 	int ret;
 
+	SMB_ASSERT(state->filter_subreq == subreq);
+	state->filter_subreq = NULL;
+
 	ret = messaging_filtered_read_recv(subreq, state, &rec);
 	TALLOC_FREE(subreq);
 	if (ret != 0) {
@@ -1111,6 +1164,16 @@ static void smbXsrv_client_connection_pass_loop(struct tevent_req *subreq)
 	}
 
 	status = smb2srv_client_connection_passed(client, pass_info0);
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		/*
+		 * We hit a race where, the client dropped the connection
+		 * while the socket was passed to us and the origin
+		 * process already existed.
+		 */
+		DBG_DEBUG("smb2srv_client_connection_passed() ignore %s\n",
+			  nt_errstr(status));
+		status = NT_STATUS_OK;
+	}
 	if (!NT_STATUS_IS_OK(status)) {
 		const char *r = "smb2srv_client_connection_passed() failed";
 		DBG_ERR("%s => %s\n", r, nt_errstr(status));
diff --git a/source3/utils/mdsearch.c b/source3/utils/mdsearch.c
index ac0b75fca51..ab48e366a0a 100644
--- a/source3/utils/mdsearch.c
+++ b/source3/utils/mdsearch.c
@@ -242,6 +242,7 @@ int main(int argc, char **argv)
 	return 0;
 
 fail:
+	poptFreeContext(pc);
 	TALLOC_FREE(frame);
 	return 1;
 }
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 4fdcc3ee428..ede467108bb 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -1149,8 +1149,16 @@ int main(int argc, const char **argv)
 
 	poptGetArg(pc); /* Drop argv[0], the program name */
 
-	if (user_name == NULL)
-		user_name = poptGetArg(pc);
+	if (user_name == NULL) {
+		if (poptPeekArg(pc)) {
+			user_name = talloc_strdup(frame, poptGetArg(pc));
+			if (user_name == NULL) {
+				fprintf(stderr, "out of memory\n");
+				TALLOC_FREE(frame);
+				exit(1);
+			}
+		}
+	}
 
 	setparms =	(backend ? BIT_BACKEND : 0) +
 			(verbose ? BIT_VERBOSE : 0) +
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 9555b436260..e0455b9d7b6 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -843,13 +843,18 @@ static void do_per_share_checks(int s)
 	}
 
 	if (poptPeekArg(pc)) {
-		config_file = poptGetArg(pc);
+		config_file = talloc_strdup(frame, poptGetArg(pc));
+                if (config_file == NULL) {
+                        DBG_ERR("out of memory\n");
+                        TALLOC_FREE(frame);
+                        exit(1);
+                }
 	} else {
 		config_file = get_dyn_CONFIGFILE();
 	}
 
-	cname = poptGetArg(pc);
-	caddr = poptGetArg(pc);
+	cname = talloc_strdup(frame, poptGetArg(pc));
+	caddr = talloc_strdup(frame, poptGetArg(pc));
 
 	poptFreeContext(pc);
 
diff --git a/source4/lib/registry/tools/regpatch.c b/source4/lib/registry/tools/regpatch.c
index 2be78d143ef..eafaff6cf99 100644
--- a/source4/lib/registry/tools/regpatch.c
+++ b/source4/lib/registry/tools/regpatch.c
@@ -101,7 +101,7 @@ int main(int argc, char **argv)
 		return 1;
 	}
 
-	patch = poptGetArg(pc);
+	patch = talloc_strdup(mem_ctx, poptGetArg(pc));
 	if (patch == NULL) {
 		poptPrintUsage(pc, stderr, 0);
 		TALLOC_FREE(mem_ctx);
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index fa758794368..3621fec460c 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -2718,6 +2718,85 @@ done:
 	return ret;
 }
 
+/*
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
+ */
+
+static bool test_rfork_fsync(struct torture_context *tctx,
+			      struct smb2_tree *tree)
+{
+	TALLOC_CTX *mem_ctx = talloc_new(tctx);
+	const char *fname = BASEDIR "\\torture_rfork_fsync";
+	const char *rfork = BASEDIR "\\torture_rfork_fsync" AFPRESOURCE_STREAM;
+	NTSTATUS status;
+	struct smb2_handle testdirh;
+	bool ret = true;
+	struct smb2_create create;
+	struct smb2_handle fh1;
+	struct smb2_flush f;
+
+	ZERO_STRUCT(fh1);
+
+	ret = enable_aapl(tctx, tree);
+	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+
+	smb2_util_unlink(tree, fname);
+
+	status = torture_smb2_testdir(tree, BASEDIR, &testdirh);
+	torture_assert_ntstatus_ok_goto(tctx,
+					status,
+					ret,
+					done,
+					"torture_smb2_testdir");
+	smb2_util_close(tree, testdirh);
+
+	ret = torture_setup_file(mem_ctx, tree, fname, false);
+	if (ret == false) {
+		goto done;
+	}
+
+	torture_comment(tctx, "(%s) create resource fork %s\n",
+		__location__,
+		rfork);
+
+	ZERO_STRUCT(create);
+	create.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+	create.in.desired_access      = SEC_STD_READ_CONTROL | SEC_FILE_ALL;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list