[SCM] Samba Shared Repository - branch v4-16-test updated
Jule Anger
janger at samba.org
Wed Sep 28 20:11:01 UTC 2022
The branch, v4-16-test has been updated
via 2f71273a736 s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
via 04e54799b2b vfs_gpfs: Protect against timestamps before the Unix epoch
via 08383bedc3b lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
via 729bbca5e88 vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
from 6a0280d9553 CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test
- Log -----------------------------------------------------------------
commit 2f71273a73673da7d2a12e61cbcc3242b2c9958a
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 14 17:05:05 2022 -0700
s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
The function smbd_server_connection_terminate_done() does not free subreq
which is allocated in smbXsrv_connection_shutdown_send, this can be a
memory leakage if multi-channel is enabled.
Suggested fix by haihua yang <hhyangdev at gmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184
(cherry picked from commit b600b0c8d9690cb5eeded1e5925c8e667c11af04)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Wed Sep 28 20:10:04 UTC 2022 on sn-devel-184
commit 04e54799b2bc4666f69106fc7f1236237eae73a9
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 22 15:24:01 2022 +0200
vfs_gpfs: Protect against timestamps before the Unix epoch
In addition to b954d181cd2 we should also protect against timestamps
before the epoch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184
(cherry picked from commit f6b391e04a4d5974b908f4f375bd2876083aa7b2)
commit 08383bedc3be4807dc2b8fb018790de9e00c5606
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 1 13:24:55 2020 +0200
lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184
(cherry picked from commit 06f35edaf129ce3195960905d38af73ec12fc716)
(cherry picked from commit e56c18d356bd3419abebd36e1fae39019cabbfaf)
commit 729bbca5e88d9c7bee4fccd2e3c9a8f14b9f8ae7
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 31 16:14:14 2020 +0200
vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
should not silently garble time stamps but reject the attempt to set
an out-of-range timestamp.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
(cherry picked from commit b954d181cd25d9029d3c222e8d97fe7a3b0b2400)
-----------------------------------------------------------------------
Summary of changes:
source3/lib/errmap_unix.c | 3 +++
source3/modules/vfs_gpfs.c | 43 +++++++++++++++++++++++++++++++++----------
source3/smbd/smb2_server.c | 1 +
3 files changed, 37 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c
index 73b2f532a06..029efae0f51 100644
--- a/source3/lib/errmap_unix.c
+++ b/source3/lib/errmap_unix.c
@@ -119,6 +119,9 @@ static const struct {
{ EOVERFLOW, NT_STATUS_ALLOTTED_SPACE_EXCEEDED },
#endif
{ EINPROGRESS, NT_STATUS_MORE_PROCESSING_REQUIRED },
+#ifdef ERANGE
+ { ERANGE, NT_STATUS_INTEGER_OVERFLOW },
+#endif
};
/*********************************************************************
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 6b084fd79a5..fc6e7a65b27 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1706,15 +1706,27 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
return ret;
}
-static void timespec_to_gpfs_time(struct timespec ts, gpfs_timestruc_t *gt,
- int idx, int *flags)
+static int timespec_to_gpfs_time(
+ struct timespec ts, gpfs_timestruc_t *gt, int idx, int *flags)
{
- if (!is_omit_timespec(&ts)) {
- *flags |= 1 << idx;
- gt[idx].tv_sec = ts.tv_sec;
- gt[idx].tv_nsec = ts.tv_nsec;
- DEBUG(10, ("Setting GPFS time %d, flags 0x%x\n", idx, *flags));
+ if (is_omit_timespec(&ts)) {
+ return 0;
}
+
+ if (ts.tv_sec < 0 || ts.tv_sec > UINT32_MAX) {
+ DBG_NOTICE("GPFS uses 32-bit unsigned timestamps "
+ "and cannot handle %jd.\n",
+ (intmax_t)ts.tv_sec);
+ errno = ERANGE;
+ return -1;
+ }
+
+ *flags |= 1 << idx;
+ gt[idx].tv_sec = ts.tv_sec;
+ gt[idx].tv_nsec = ts.tv_nsec;
+ DBG_DEBUG("Setting GPFS time %d, flags 0x%x\n", idx, *flags);
+
+ return 0;
}
static int smbd_gpfs_set_times(struct files_struct *fsp,
@@ -1725,10 +1737,21 @@ static int smbd_gpfs_set_times(struct files_struct *fsp,
int rc;
ZERO_ARRAY(gpfs_times);
- timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
- timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
+ rc = timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
+ if (rc != 0) {
+ return rc;
+ }
+
+ rc = timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
+ if (rc != 0) {
+ return rc;
+ }
+
/* No good mapping from LastChangeTime to ctime, not storing */
- timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
+ rc = timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
+ if (rc != 0) {
+ return rc;
+ }
if (!flags) {
DBG_DEBUG("nothing to do, return to avoid EINVAL\n");
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 042f343b0ca..f4e16cb7da9 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1643,6 +1643,7 @@ static void smbd_server_connection_terminate_done(struct tevent_req *subreq)
NTSTATUS status;
status = smbXsrv_connection_shutdown_recv(subreq);
+ TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
exit_server("smbXsrv_connection_shutdown_recv failed");
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list