libcli/auth/ntlmssp Be clear about talloc parents for session keys
Jeremy Allison
jra at samba.org
Thu Sep 16 19:22:25 MDT 2010
On Fri, Sep 17, 2010 at 08:01:04AM +1000, Andrew Bartlett wrote:
> On Thu, 2010-09-16 at 12:00 -0700, Jeremy Allison wrote:
> > On Thu, Sep 16, 2010 at 01:08:03PM +0200, Andrew Tridgell wrote:
> > > The branch, master has been updated
> > > via b04b8b5 wbclient: gr_mem can be NULL
> > > via a163284 wbclient: paranoid check for double free
> > > via ff515ff tdb: added TDB_NO_FSYNC env variable
> > > via a394a81 torture/raw Allow one more 'not implemented' status return as a valid response
> > > via 4083b8a s4-torture assert that we get a temp datagram socket.
> > > via 6832d5e libcli/auth/ntlmssp Be clear about talloc parents for session keys
> > > via d5a4e53 s4-kdc: prevent segfault on bad trust strings
> > > via dc59de5 s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords
> > > via 5958997 s4-rpcserver: allow saving of bad RPC packets
> > > via 83a24ff pidl: prevent ndr_print_*() dying on NULL pointers
> > > from 14340a4 idl: Added EPMAPPER_STATUS_CANT_PERFORM_OP.
> > >
> > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> > >
> > > commit 6832d5e9334f93d2b41fa50580379a2381311748
> > > Author: Andrew Bartlett <abartlet at samba.org>
> > > Date: Thu Sep 16 14:37:20 2010 +1000
> > >
> > > libcli/auth/ntlmssp Be clear about talloc parents for session keys
> > >
> > > The previous API was not clear as to who owned the returned session key.
> > > This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
> > > and avoids making allocations - we steal and zero instead.
> > >
> > > Andrew Bartlett
> > >
> > > Signed-off-by: Andrew Tridgell <tridge at samba.org>
> >
> > Andrew(s) - this looks like it would be neccessary for 3.6.0
> > but the cherry-pick doesn't apply. Can you please review and
> > back port for the next production release, thanks !
>
> I've looked into it, and it seems not to be required (as long as
> auth_ntlmssp_state has the same lifetime as ntlmssp_state, which as far
> as I can tell it does), but for clarity I'll move the allocations in
> auth_ntlmssp_check_password() across. I won't do the full change to
> steal etc, because the code is a different structure here (not the new
> common code).
>
> See this proposed patch, which passes 'make test' (I've not checked with
> vagrind however).
>
> The original valgrind error showed up in a run Tridge did of source4 -
> there we have 'session key' tests that check all the NTLMSSP flag
> codepaths - but as this is (in master) common code I needed to tidy up
> all the callers.
Thanks a lot for this. I'll review once I'm out of "slide development hell"
for the SNIA conf :-).
Cheers,
Jeremy.
More information about the samba-technical
mailing list