[SCM] Samba Shared Repository - branch v4-16-test updated

Jule Anger janger at samba.org
Wed Oct 19 09:46:01 UTC 2022


The branch, v4-16-test has been updated
       via  c28d971b12b s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()
       via  04d0d5a0366 s3:auth_samba4: make use of imessaging_init_discard_incoming()
       via  6ba44033e38 s4:messaging: add imessaging_init_discard_incoming()
       via  4d7e31b9816 s3/utils: check result of talloc_strdup
       via  9a18da112c4 s3/utils: Check return of talloc_strdup
       via  e69d2b3f9d2 s3/param: Check return of talloc_strdup
       via  7480f9c01d6 s4/lib/registry: Fix use after free with popt 1.19
       via  5383d625cbb s3/utils: Fix use after free with popt 1.19
       via  4b35fa3f85e s3/utils: Fix use after free with popt 1.19
       via  1efcc10c9d4 s3/utils: Add missing poptFreeContext
       via  da11c48d9b6 s3/param: Fix use after free with popt-1.19
       via  0503e0df3b6 s3/rpcclient: Duplicate string returned from poptGetArg
      from  3e0ce4513b0 vfs_fruit: add missing calls to tevent_req_received()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test


- Log -----------------------------------------------------------------
commit c28d971b12bab1342d9ad0a8475deef647e5aa1b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Sep 28 14:27:09 2022 +0200

    s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()
    
    imessaging_client_init() is for temporary stuff only, so we should drop
    (unexpected) incoming messages unless we expect irpc responses.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 266bcedc18efc52e29efde6bad220623a5423e30)
    
    Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-16-test): Wed Oct 19 09:45:53 UTC 2022 on sn-devel-184

commit 04d0d5a0366ec92a7cafcf56e0cf2c74780c0eed
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Sep 28 14:14:41 2022 +0200

    s3:auth_samba4: make use of imessaging_init_discard_incoming()
    
    Otherwise we'll generate a memory leak of imessaging_post_state/
    tevent_immediate structures per incoming message!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 32df5e4961cf064b72bb496157cc6092126d9b8e)

commit 6ba44033e3869196982e67a8f757f34a5e1f2788
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Sep 28 13:47:13 2022 +0200

    s4:messaging: add imessaging_init_discard_incoming()
    
    We often create imessaging contexts just for sending messages,
    but we'll never process incoming messages because a temporary event
    context was used and we just queue a lot of imessaging_post_state
    structures with immediate events.
    
    With imessaging_init_discard_incoming() we'll discard any incoming messages
    unless we have pending irpc requests.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit a120fb1c724dfaed5a99e34aaf979502586f17c0)

commit 4d7e31b98162a33702162b00cf40811dfeabe671
Author: Noel Power <noel.power at suse.com>
Date:   Mon Oct 17 10:27:31 2022 +0100

    s3/utils: check result of talloc_strdup
    
    follow to commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon Oct 17 19:49:37 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 0326549a052c22e4929e3760fd5011c35e32fe33)

commit 9a18da112c47055fb32291dfcde42f2ccca7aad7
Author: Noel Power <noel.power at suse.com>
Date:   Mon Oct 17 10:25:00 2022 +0100

    s3/utils: Check return of talloc_strdup
    
    followup to e82699fcca3716d9ed0450263fd83f948de8ffbe
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 972127daddc7a32d23fb84d97102557035b06f5b)

commit e69d2b3f9d2c8f38a4d93413d563ad5241d35383
Author: Noel Power <noel.power at suse.com>
Date:   Mon Oct 17 10:17:34 2022 +0100

    s3/param: Check return of talloc_strdup
    
    followup to commit ff003fc87b8164610dfd6572347c05308c4b2fd7
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 19eb88bc53e481327bbd437b0c145d5765c6dcec)

commit 7480f9c01d6449e071784b04ea1f8e2a18906d75
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:53:53 2022 +0100

    s4/lib/registry: Fix use after free with popt 1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==6357== Command: ./bin/regpatch file
    ==6357==
    Can't load /home/npower/samba-back/INSTALL_DIR/etc/smb.conf - run testparm to debug it
    ==6357== Syscall param openat(filename) points to unaddressable byte(s)
    ==6357==    at 0x4BFE535: open (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4861432: reg_diff_load (patchfile.c:345)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d1 is 1 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4B83DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    ==6357== Invalid read of size 1
    ==6357==    at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
    ==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
    ==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
    ==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
    ==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
    ==6357==    by 0x10ADF9: main (regpatch.c:114)
    ==6357==  Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd
    ==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ADCF: main (regpatch.c:111)
    ==6357==  Block was alloc'd at
    ==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6357==    by 0x10ACBD: main (regpatch.c:79)
    ==6357==
    Error reading registry patch file `file'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 7e0e3f47cd67e4cadc101691cd14837f45d9506a)

commit 5383d625cbb3a2c10b4fa18d21e738dabad5d6be
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:45:13 2022 +0100

    s3/utils: Fix use after free with popt 1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==6055== Command: ./bin/testparm /etc/samba/smb.conf
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4C44DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
    ==6055==    by 0x10EBFA: main (testparm.c:862)
    ==6055==  Address 0x72dab72 is 2 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    Load smb config files from /etc/samba/smb.conf
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 8
    ==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 2
    ==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
    ==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 8
    ==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 2
    ==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    ==6055== Invalid read of size 1
    ==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
    ==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
    ==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
    ==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
    ==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
    ==6055==    by 0x10EC06: main (testparm.c:864)
    ==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
    ==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EBAC: main (testparm.c:854)
    ==6055==  Block was alloc'd at
    ==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==6055==    by 0x10EB2E: main (testparm.c:830)
    ==6055==
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3)

commit 4b35fa3f85e6ce8811a47e3d42049fecc0045d2f
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:35:51 2022 +0100

    s3/utils: Fix use after free with popt 1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==5914== Invalid read of size 1
    ==5914==    at 0x4FDF740: strlcpy (in /usr/lib64/libbsd.so.0.11.6)
    ==5914==    by 0x49E09A9: tdbsam_getsampwnam (pdb_tdb.c:583)
    ==5914==    by 0x49D94E5: pdb_getsampwnam (pdb_interface.c:340)
    ==5914==    by 0x10DED1: print_user_info (pdbedit.c:372)
    ==5914==    by 0x111413: main (pdbedit.c:1324)
    ==5914==  Address 0x73b6750 is 0 bytes inside a block of size 7 free'd
    ==5914==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5914==    by 0x4C508B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5914==    by 0x4C515D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5914==    by 0x1113E6: main (pdbedit.c:1323)
    ==5914==  Block was alloc'd at
    ==5914==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5914==    by 0x4C522EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5914==    by 0x110AE5: main (pdbedit.c:1137)
    ==5914==
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit e82699fcca3716d9ed0450263fd83f948de8ffbe)

commit 1efcc10c9d4f4f35ea22322e427989112a3bae51
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:26:24 2022 +0100

    s3/utils: Add missing poptFreeContext
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 31d3d10b260f05080ca0a3cf9434aa4704d60739)

commit da11c48d9b69b394e2d01b3405aba24b17e671e0
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 11:23:37 2022 +0100

    s3/param: Fix use after free with popt-1.19
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 8
    ==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 2
    ==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
    ==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 8
    ==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 2
    ==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    ==5325== Invalid read of size 1
    ==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
    ==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
    ==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
    ==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
    ==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
    ==5325==    by 0x10ABD7: main (test_lp_load.c:98)
    ==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
    ==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB8E: main (test_lp_load.c:90)
    ==5325==  Block was alloc'd at
    ==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==5325==    by 0x10AB49: main (test_lp_load.c:74)
    ==5325==
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit ff003fc87b8164610dfd6572347c05308c4b2fd7)

commit 0503e0df3b6b0b02c54c50f25e77b39de90ca575
Author: Noel Power <noel.power at suse.com>
Date:   Fri Oct 14 10:03:17 2022 +0100

    s3/rpcclient: Duplicate string returned from poptGetArg
    
    popt1.19 fixes a leak that exposes a use as free,
    make sure we duplicate return of poptGetArg if
    poptFreeContext is called before we use it.
    
    ==4407== Invalid read of size 1
    ==4407==    at 0x146263: main (rpcclient.c:1262)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x14627D: main (rpcclient.c:1263)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 8
    ==4407==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
    ==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    ==4407==
    ==4407== Invalid read of size 1
    ==4407==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
    ==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
    ==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
    ==4407==    by 0x1462B1: main (rpcclient.c:1267)
    ==4407==  Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd
    ==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x146227: main (rpcclient.c:1251)
    ==4407==  Block was alloc'd at
    ==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
    ==4407==    by 0x1461BC: main (rpcclient.c:1219)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit d26d3d9bff61f796c9c9ab54990ea078f575ab1e)

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_samba4.c                 |  8 ++--
 source3/param/test_lp_load.c               |  7 ++-
 source3/rpcclient/rpcclient.c              |  2 +-
 source3/utils/mdsearch.c                   |  1 +
 source3/utils/pdbedit.c                    | 12 ++++-
 source3/utils/testparm.c                   | 11 +++--
 source4/lib/messaging/messaging.c          | 74 +++++++++++++++++++++++++++++-
 source4/lib/messaging/messaging.h          |  5 ++
 source4/lib/messaging/messaging_internal.h |  9 ++++
 source4/lib/registry/tools/regpatch.c      |  2 +-
 10 files changed, 117 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index ff8dc94d296..6c017ef4aa3 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -241,12 +241,12 @@ static NTSTATUS prepare_gensec(const struct auth_context *auth_context,
 		return NT_STATUS_INVALID_SERVER_STATE;
 	}
 
-	msg_ctx = imessaging_init(frame,
+	msg_ctx = imessaging_init_discard_incoming(frame,
 				  lp_ctx,
 				  *server_id,
 				  event_ctx);
 	if (msg_ctx == NULL) {
-		DEBUG(1, ("imessaging_init failed\n"));
+		DEBUG(1, ("imessaging_init_discard_incoming failed\n"));
 		TALLOC_FREE(frame);
 		return NT_STATUS_INVALID_SERVER_STATE;
 	}
@@ -324,12 +324,12 @@ static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context,
 		return NT_STATUS_INVALID_SERVER_STATE;
 	}
 
-	msg_ctx = imessaging_init(frame,
+	msg_ctx = imessaging_init_discard_incoming(frame,
 				  lp_ctx,
 				  *server_id,
 				  event_ctx);
 	if (msg_ctx == NULL) {
-		DEBUG(1, ("imessaging_init failed\n"));
+		DEBUG(1, ("imessaging_init_discard_incoming failed\n"));
 		TALLOC_FREE(frame);
 		return NT_STATUS_INVALID_SERVER_STATE;
 	}
diff --git a/source3/param/test_lp_load.c b/source3/param/test_lp_load.c
index 2c6a5c8891b..9f3d5516805 100644
--- a/source3/param/test_lp_load.c
+++ b/source3/param/test_lp_load.c
@@ -82,7 +82,12 @@ int main(int argc, const char **argv)
 	}
 
 	if (poptPeekArg(pc)) {
-		config_file = poptGetArg(pc);
+		config_file = talloc_strdup(frame, poptGetArg(pc));
+		if (config_file == NULL) {
+			DBG_ERR("out of memory\n");
+			TALLOC_FREE(frame);
+			exit(1);
+		}
 	} else {
 		config_file = get_dyn_CONFIGFILE();
 	}
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 4042d0d60be..27fe5d705c6 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -1238,7 +1238,7 @@ out_free:
 	/* Get server as remaining unparsed argument.  Print usage if more
 	   than one unparsed argument is present. */
 
-	server = poptGetArg(pc);
+	server = talloc_strdup(frame, poptGetArg(pc));
 
 	if (!server || poptGetArg(pc)) {
 		poptPrintHelp(pc, stderr, 0);
diff --git a/source3/utils/mdsearch.c b/source3/utils/mdsearch.c
index ac0b75fca51..ab48e366a0a 100644
--- a/source3/utils/mdsearch.c
+++ b/source3/utils/mdsearch.c
@@ -242,6 +242,7 @@ int main(int argc, char **argv)
 	return 0;
 
 fail:
+	poptFreeContext(pc);
 	TALLOC_FREE(frame);
 	return 1;
 }
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 4fdcc3ee428..ede467108bb 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -1149,8 +1149,16 @@ int main(int argc, const char **argv)
 
 	poptGetArg(pc); /* Drop argv[0], the program name */
 
-	if (user_name == NULL)
-		user_name = poptGetArg(pc);
+	if (user_name == NULL) {
+		if (poptPeekArg(pc)) {
+			user_name = talloc_strdup(frame, poptGetArg(pc));
+			if (user_name == NULL) {
+				fprintf(stderr, "out of memory\n");
+				TALLOC_FREE(frame);
+				exit(1);
+			}
+		}
+	}
 
 	setparms =	(backend ? BIT_BACKEND : 0) +
 			(verbose ? BIT_VERBOSE : 0) +
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 71bc4c2694e..27a8bc1fb8e 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -844,13 +844,18 @@ static void do_per_share_checks(int s)
 	}
 
 	if (poptPeekArg(pc)) {
-		config_file = poptGetArg(pc);
+		config_file = talloc_strdup(frame, poptGetArg(pc));
+                if (config_file == NULL) {
+                        DBG_ERR("out of memory\n");
+                        TALLOC_FREE(frame);
+                        exit(1);
+                }
 	} else {
 		config_file = get_dyn_CONFIGFILE();
 	}
 
-	cname = poptGetArg(pc);
-	caddr = poptGetArg(pc);
+	cname = talloc_strdup(frame, poptGetArg(pc));
+	caddr = talloc_strdup(frame, poptGetArg(pc));
 
 	poptFreeContext(pc);
 
diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
index a00c35be0d5..8603c167ad4 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -429,6 +429,12 @@ static NTSTATUS imessaging_reinit(struct imessaging_context *msg)
 
 	TALLOC_FREE(msg->msg_dgm_ref);
 
+	if (msg->discard_incoming) {
+		msg->num_incoming_listeners = 0;
+	} else {
+		msg->num_incoming_listeners = 1;
+	}
+
 	msg->server_id.pid = getpid();
 
 	msg->msg_dgm_ref = messaging_dgm_ref(msg,
@@ -469,7 +475,9 @@ NTSTATUS imessaging_reinit_all(void)
 /*
   create the listening socket and setup the dispatcher
 */
-struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
+static struct imessaging_context *imessaging_init_internal(
+					   TALLOC_CTX *mem_ctx,
+					   bool discard_incoming,
 					   struct loadparm_context *lp_ctx,
 					   struct server_id server_id,
 					   struct tevent_context *ev)
@@ -490,6 +498,12 @@ struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 	msg->ev = ev;
+	msg->discard_incoming = discard_incoming;
+	if (msg->discard_incoming) {
+		msg->num_incoming_listeners = 0;
+	} else {
+		msg->num_incoming_listeners = 1;
+	}
 
 	talloc_set_destructor(msg, imessaging_context_destructor);
 
@@ -601,6 +615,36 @@ fail:
 	return NULL;
 }
 
+/*
+  create the listening socket and setup the dispatcher
+*/
+struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
+					   struct loadparm_context *lp_ctx,
+					   struct server_id server_id,
+					   struct tevent_context *ev)
+{
+	bool discard_incoming = false;
+	return imessaging_init_internal(mem_ctx,
+					discard_incoming,
+					lp_ctx,
+					server_id,
+					ev);
+}
+
+struct imessaging_context *imessaging_init_discard_incoming(
+						TALLOC_CTX *mem_ctx,
+						struct loadparm_context *lp_ctx,
+						struct server_id server_id,
+						struct tevent_context *ev)
+{
+	bool discard_incoming = true;
+	return imessaging_init_internal(mem_ctx,
+					discard_incoming,
+					lp_ctx,
+					server_id,
+					ev);
+}
+
 struct imessaging_post_state {
 	struct imessaging_context *msg_ctx;
 	struct imessaging_post_state **busy_ref;
@@ -697,6 +741,22 @@ static void imessaging_dgm_recv(struct tevent_context *ev,
 		return;
 	}
 
+	if (msg->num_incoming_listeners == 0) {
+		struct server_id_buf selfbuf;
+
+		message_hdr_get(&msg_type, &src, &dst, buf);
+
+		DBG_DEBUG("not listening - discarding message from "
+			  "src[%s] to dst[%s] (self[%s]) type=0x%x "
+			  "on %s event context\n",
+			   server_id_str_buf(src, &srcbuf),
+			   server_id_str_buf(dst, &dstbuf),
+			   server_id_str_buf(msg->server_id, &selfbuf),
+			   (unsigned)msg_type,
+			   (ev != msg->ev) ? "different" : "main");
+		return;
+	}
+
 	if (ev != msg->ev) {
 		int ret;
 		ret = imessaging_post_self(msg, buf, buf_len);
@@ -758,8 +818,9 @@ struct imessaging_context *imessaging_client_init(TALLOC_CTX *mem_ctx,
 	/* This is because we are not in the s3 serverid database */
 	id.unique_id = SERVERID_UNIQUE_ID_NOT_TO_VERIFY;
 
-	return imessaging_init(mem_ctx, lp_ctx, id, ev);
+	return imessaging_init_discard_incoming(mem_ctx, lp_ctx, id, ev);
 }
+
 /*
   a list of registered irpc server functions
 */
@@ -975,6 +1036,12 @@ static int irpc_destructor(struct irpc_request *irpc)
 {
 	if (irpc->callid != -1) {
 		idr_remove(irpc->msg_ctx->idr, irpc->callid);
+		if (irpc->msg_ctx->discard_incoming) {
+			SMB_ASSERT(irpc->msg_ctx->num_incoming_listeners > 0);
+		} else {
+			SMB_ASSERT(irpc->msg_ctx->num_incoming_listeners > 1);
+		}
+		irpc->msg_ctx->num_incoming_listeners -= 1;
 		irpc->callid = -1;
 	}
 
@@ -1168,6 +1235,9 @@ static struct tevent_req *irpc_bh_raw_call_send(TALLOC_CTX *mem_ctx,
 	state->irpc->incoming.handler = irpc_bh_raw_call_incoming_handler;
 	state->irpc->incoming.private_data = req;
 
+	/* make sure we accept incoming messages */
+	SMB_ASSERT(state->irpc->msg_ctx->num_incoming_listeners < UINT64_MAX);
+	state->irpc->msg_ctx->num_incoming_listeners += 1;
 	talloc_set_destructor(state->irpc, irpc_destructor);
 
 	/* setup the header */
diff --git a/source4/lib/messaging/messaging.h b/source4/lib/messaging/messaging.h
index 3fd788d1e42..e7ae9e8cc46 100644
--- a/source4/lib/messaging/messaging.h
+++ b/source4/lib/messaging/messaging.h
@@ -49,6 +49,11 @@ struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
 					   struct loadparm_context *lp_ctx,
 					   struct server_id server_id,
 					   struct tevent_context *ev);
+struct imessaging_context *imessaging_init_discard_incoming(
+						TALLOC_CTX *mem_ctx,
+						struct loadparm_context *lp_ctx,
+						struct server_id server_id,
+						struct tevent_context *ev);
 void imessaging_dgm_unref_ev(struct tevent_context *ev);
 NTSTATUS imessaging_reinit_all(void);
 int imessaging_cleanup(struct imessaging_context *msg);
diff --git a/source4/lib/messaging/messaging_internal.h b/source4/lib/messaging/messaging_internal.h
index 5e99734ad60..ac254c22631 100644
--- a/source4/lib/messaging/messaging_internal.h
+++ b/source4/lib/messaging/messaging_internal.h
@@ -33,6 +33,15 @@ struct imessaging_context {
 	struct server_id_db *names;
 	struct timeval start_time;
 	void *msg_dgm_ref;
+	/*
+	 * The number of instances waiting for incoming
+	 * messages. By default it's always greater than 0.
+	 *
+	 * If it's 0 we'll discard incoming messages,
+	 * see imessaging_init_discard_imcoming().
+	 */
+	bool discard_incoming;
+	uint64_t num_incoming_listeners;
 };
 
 NTSTATUS imessaging_register_extra_handlers(struct imessaging_context *msg);
diff --git a/source4/lib/registry/tools/regpatch.c b/source4/lib/registry/tools/regpatch.c
index 2be78d143ef..eafaff6cf99 100644
--- a/source4/lib/registry/tools/regpatch.c
+++ b/source4/lib/registry/tools/regpatch.c
@@ -101,7 +101,7 @@ int main(int argc, char **argv)
 		return 1;
 	}
 
-	patch = poptGetArg(pc);
+	patch = talloc_strdup(mem_ctx, poptGetArg(pc));
 	if (patch == NULL) {
 		poptPrintUsage(pc, stderr, 0);
 		TALLOC_FREE(mem_ctx);


-- 
Samba Shared Repository



More information about the samba-cvs mailing list