[SCM] Samba Shared Repository - branch v4-16-test updated

Jule Anger janger at samba.org
Wed Sep 28 20:11:01 UTC 2022


The branch, v4-16-test has been updated
       via  2f71273a736 s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
       via  04e54799b2b vfs_gpfs: Protect against timestamps before the Unix epoch
       via  08383bedc3b lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
       via  729bbca5e88 vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
      from  6a0280d9553 CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test


- Log -----------------------------------------------------------------
commit 2f71273a73673da7d2a12e61cbcc3242b2c9958a
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 14 17:05:05 2022 -0700

    s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
    
    The function smbd_server_connection_terminate_done() does not free subreq,
    which is allocated in smbXsrv_connection_shutdown_send(); this can leak
    memory if multi-channel is enabled.
    
    Suggested fix by haihua yang <hhyangdev at gmail.com>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Noel Power <noel.power at suse.com>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184
    
    (cherry picked from commit b600b0c8d9690cb5eeded1e5925c8e667c11af04)
    
    Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-16-test): Wed Sep 28 20:10:04 UTC 2022 on sn-devel-184

commit 04e54799b2bc4666f69106fc7f1236237eae73a9
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Aug 22 15:24:01 2022 +0200

    vfs_gpfs: Protect against timestamps before the Unix epoch
    
    In addition to b954d181cd2 we should also protect against timestamps
    before the epoch.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184
    
    (cherry picked from commit f6b391e04a4d5974b908f4f375bd2876083aa7b2)

commit 08383bedc3be4807dc2b8fb018790de9e00c5606
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Sep 1 13:24:55 2020 +0200

    lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 06f35edaf129ce3195960905d38af73ec12fc716)
    (cherry picked from commit e56c18d356bd3419abebd36e1fae39019cabbfaf)

commit 729bbca5e88d9c7bee4fccd2e3c9a8f14b9f8ae7
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Aug 31 16:14:14 2020 +0200

    vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
    
    gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
    should not silently garble time stamps but reject the attempt to set
    an out-of-range timestamp.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Christof Schmitt <cs at samba.org>
    (cherry picked from commit b954d181cd25d9029d3c222e8d97fe7a3b0b2400)

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/errmap_unix.c  |  3 +++
 source3/modules/vfs_gpfs.c | 43 +++++++++++++++++++++++++++++++++----------
 source3/smbd/smb2_server.c |  1 +
 3 files changed, 37 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c
index 73b2f532a06..029efae0f51 100644
--- a/source3/lib/errmap_unix.c
+++ b/source3/lib/errmap_unix.c
@@ -119,6 +119,9 @@ static const struct {
 	{ EOVERFLOW,      NT_STATUS_ALLOTTED_SPACE_EXCEEDED },
 #endif
 	{ EINPROGRESS,	NT_STATUS_MORE_PROCESSING_REQUIRED },
+#ifdef ERANGE
+	{ ERANGE, NT_STATUS_INTEGER_OVERFLOW },
+#endif
 };
 
 /*********************************************************************
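Review bot: The new `{ ERANGE, NT_STATUS_INTEGER_OVERFLOW }` entry sits in what looks like a general errno-to-NTSTATUS table, so it applies to every ERANGE that reaches this mapping, not only to the GPFS timestamp check added in the same push. Other calls can set ERANGE for unrelated reasons (a result buffer that is too small, for example), and those would now be reported to clients as an integer overflow; it is worth confirming that no such path relied on the previous fallback status. A short comment on the entry would record the intent, e.g. `/* ERANGE: value out of range, e.g. vfs_gpfs rejecting a timestamp it cannot store */`. The table starts outside the hunk.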
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 6b084fd79a5..fc6e7a65b27 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1706,15 +1706,27 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
 	return ret;
 }
 
-static void timespec_to_gpfs_time(struct timespec ts, gpfs_timestruc_t *gt,
-				  int idx, int *flags)
+static int timespec_to_gpfs_time(
+	struct timespec ts, gpfs_timestruc_t *gt, int idx, int *flags)
 {
-	if (!is_omit_timespec(&ts)) {
-		*flags |= 1 << idx;
-		gt[idx].tv_sec = ts.tv_sec;
-		gt[idx].tv_nsec = ts.tv_nsec;
-		DEBUG(10, ("Setting GPFS time %d, flags 0x%x\n", idx, *flags));
+	if (is_omit_timespec(&ts)) {
+		return 0;
 	}
+
+	if (ts.tv_sec < 0 || ts.tv_sec > UINT32_MAX) {
+		DBG_NOTICE("GPFS uses 32-bit unsigned timestamps "
+			   "and cannot handle %jd.\n",
+			   (intmax_t)ts.tv_sec);
+		errno = ERANGE;
+		return -1;
+	}
+
+	*flags |= 1 << idx;
+	gt[idx].tv_sec = ts.tv_sec;
+	gt[idx].tv_nsec = ts.tv_nsec;
+	DBG_DEBUG("Setting GPFS time %d, flags 0x%x\n", idx, *flags);
+
+	return 0;
 }
 
 static int smbd_gpfs_set_times(struct files_struct *fsp,
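Review bot: timespec_to_gpfs_time() changes from void to int but has no comment stating the new contract. It returns 0 both when the time was stored and when is_omit_timespec() says to skip it, and -1 with errno set to ERANGE when tv_sec is negative or above UINT32_MAX. I would add a header comment saying that, and noting that `*flags` and `gt[idx]` are left untouched on the error path, since the caller now depends on both. Something like `/* Returns 0 if stored or omitted; -1 with errno=ERANGE if tv_sec does not fit 32-bit unsigned */` would do.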
@@ -1725,10 +1737,21 @@ static int smbd_gpfs_set_times(struct files_struct *fsp,
 	int rc;
 
 	ZERO_ARRAY(gpfs_times);
-	timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
-	timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
+	rc = timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
+	if (rc != 0) {
+		return rc;
+	}
+
+	rc = timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
+	if (rc != 0) {
+		return rc;
+	}
+
 	/* No good mapping from LastChangeTime to ctime, not storing */
-	timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
+	rc = timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
+	if (rc != 0) {
+		return rc;
+	}
 
 	if (!flags) {
 		DBG_DEBUG("nothing to do, return to avoid EINVAL\n");
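Review bot: The three early returns make the update all-or-nothing: one out-of-range value among atime, mtime and create_time fails the whole call, and the in-range fields are not applied. That matches the commit message, but nothing in the function says so, and the returns happen before the `if (!flags)` check at the end of the hunk. A comment above the first call such as `/* Reject the whole update if any time is out of range; errno is ERANGE from timespec_to_gpfs_time() */` would make this explicit. It is also worth confirming that callers pass the -1/ERANGE result through to the client rather than treating it as a cue to try another time-setting path; the callers and the rest of smbd_gpfs_set_times are outside the hunk.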
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 042f343b0ca..f4e16cb7da9 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1643,6 +1643,7 @@ static void smbd_server_connection_terminate_done(struct tevent_req *subreq)
 	NTSTATUS status;
 
 	status = smbXsrv_connection_shutdown_recv(subreq);
+	TALLOC_FREE(subreq);
 	if (!NT_STATUS_IS_OK(status)) {
 		exit_server("smbXsrv_connection_shutdown_recv failed");
 	}


-- 
Samba Shared Repository


