[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Thu Jan 5 18:01:01 UTC 2023 

The branch, master has been updated
       via  dd86376294f smbd: Fix indentation
       via  17e9758b537 smbd: Fix CID 1518901 Logically dead code
       via  c1be654988a smbd: Fix CID 1518902 Use after free
      from  316b8fa4a8a nsswitch: remove winbind_nss_mutex

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit dd86376294fd4117521dd550165ee4943ae8bec1
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 5 15:17:44 2023 +0100

    smbd: Fix indentation
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Thu Jan  5 18:00:17 UTC 2023 on sn-devel-184

commit 17e9758b537e3a43f4f290debdc2b812abb394ed
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 5 15:17:14 2023 +0100

    smbd: Fix CID 1518901 Logically dead code
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit c1be654988a14ed5ac7fb337716cb8f41daebca1
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 5 15:11:10 2023 +0100

    smbd: Fix CID 1518902 Use after free
    
    The SMB_REALLOC macro properly deals with failure to realloc, so
    overwriting the target variable is correct here.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb1_trans2.c | 55 +++++++++++-----------------------------------
 1 file changed, 13 insertions(+), 42 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb1_trans2.c b/source3/smbd/smb1_trans2.c
index 815e529b231..336024c9456 100644
--- a/source3/smbd/smb1_trans2.c
+++ b/source3/smbd/smb1_trans2.c
@@ -2113,15 +2113,13 @@ static NTSTATUS smb_q_unix_basic(
 	int *ptotal_data)
 {
 	const int total_data = 100;
-	char *pdata = NULL;
 
-	pdata = SMB_REALLOC(*ppdata, total_data);
-	if (pdata == NULL) {
+	*ppdata = SMB_REALLOC(*ppdata, total_data);
+	if (*ppdata == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	store_file_unix_basic(conn, pdata, fsp, &smb_fname->st);
+	store_file_unix_basic(conn, *ppdata, fsp, &smb_fname->st);
 
-	*ppdata = pdata;
 	*ptotal_data = total_data;
 
 	return NT_STATUS_OK;
@@ -2136,15 +2134,13 @@ static NTSTATUS smb_q_unix_info2(
 	int *ptotal_data)
 {
 	const int total_data = 116;
-	char *pdata = NULL;
 
-	pdata = SMB_REALLOC(*ppdata, total_data);
-	if (pdata == NULL) {
+	*ppdata = SMB_REALLOC(*ppdata, total_data);
+	if (*ppdata == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	store_file_unix_basic_info2(conn, pdata, fsp, &smb_fname->st);
+	store_file_unix_basic_info2(conn, *ppdata, fsp, &smb_fname->st);
 
-	*ppdata = pdata;
 	*ptotal_data = total_data;
 
 	return NT_STATUS_OK;
@@ -2442,12 +2438,12 @@ static NTSTATUS smb_q_posix_acl(
 	}
 	size_needed += SMB_POSIX_ACL_HEADER_SIZE;
 
-	pdata = SMB_REALLOC(*ppdata, size_needed);
-	if (pdata == NULL) {
+	*ppdata = SMB_REALLOC(*ppdata, size_needed);
+	if (*ppdata == NULL) {
 		status = NT_STATUS_NO_MEMORY;
 		goto out;
 	}
-	*ppdata = pdata;
+	pdata = *ppdata;
 
 	SSVAL(pdata,0,SMB_POSIX_ACL_VERSION);
 	SSVAL(pdata,2,num_file_acls);
@@ -2547,11 +2543,11 @@ static NTSTATUS smb_q_posix_symlink(
 
 	needed = (link_len+1)*2;
 
-	pdata = SMB_REALLOC(*ppdata, needed);
-	if (pdata == NULL) {
+	*ppdata = SMB_REALLOC(*ppdata, needed);
+	if (*ppdata == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	*ppdata = pdata;
+	pdata = *ppdata;
 
 	status = srvstr_push(
 		pdata,
@@ -4413,7 +4409,6 @@ static void call_trans2setpathinfo(
 	struct files_struct *fsp = NULL;
 	char *params = *pparams;
 	uint32_t ucf_flags = ucf_flags_from_smb_request(req);
-	bool require_existing_object = true;
 	NTTIME twrp = 0;
 	char *fname = NULL;
 	bool info_level_handled;
@@ -4549,7 +4544,7 @@ static void call_trans2setpathinfo(
 	case SMB_SET_POSIX_ACL:
 		status = smb_set_posix_acl(
 			conn, req, *ppdata, total_data, NULL, smb_fname);
-			break;
+		break;
 	}
 
 	if (info_level_handled) {
@@ -4571,30 +4566,6 @@ static void call_trans2setpathinfo(
 	 */
 	fsp = smb_fname->fsp;
 
-	/*
-	 * There are 4 info levels which can
-	 * create a new object in the filesystem.
-	 * They are:
-	 * SMB_SET_FILE_UNIX_LINK -> creates POSIX symlink.
-	 * SMB_POSIX_PATH_OPEN -> creates POSIX file or directory.
-	 * SMB_SET_FILE_UNIX_BASIC:
-	 * SMB_SET_FILE_UNIX_INFO2: can create a POSIX special file.
-	 *
-	 * These info levels do not require an existing object.
-	 */
-	switch (info_level) {
-	case SMB_SET_FILE_UNIX_BASIC:
-	case SMB_SET_FILE_UNIX_INFO2:
-		require_existing_object = false;
-		break;
-	default:
-		break;
-	}
-
-	if (!VALID_STAT(smb_fname->st) && require_existing_object) {
-		reply_nterror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND);
-	}
-
 	status = smbd_do_setfilepathinfo(
 		conn,
 		req,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list