[PATCH] build and use-after free fixes found during Solaris work

Rusty Russell rusty at samba.org
Tue Mar 26 20:30:33 MDT 2013


Andrew Bartlett <abartlet at samba.org> writes:

> On Solaris-derived systems (OpenIndiana in this case) I found we needed
> to avoid the libidmap.so name, and I found a use-after-free in the auth
> code at debug level 5.
>
> See Attached, please review and or push.

Hmm... I can't git-am that mail, since it applies it as one commit.

If I munpack to extract the attachmentds, git-am doesn't like the >
before the top from, so I have to edit it manually.

And while I can read these patches, I actually reviewed your git tree,
where I could grep and look at files to see if you'd missed anything.

And if I were to apply and push these, I'm implicitly doing a rebase.
That's fine for these little patches, but for more serious work it can
hide problems.

Finally, you didn't Sign-off either of them, but that seems normal?

Patches are fine, BTW :)

Cheers,
Rusty.

>>From 018e5fc18b1ef07b35f15e9661866b9247395c70 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Wed, 27 Mar 2013 12:11:41 +1100
> Subject: [PATCH 2/2] build: Rename idmap to samba_idmap to make library name
>  more unique
>
> We may wish to store the BUNDLED_LIBRARY_EXTENSION for private, unbundled libs to avoid
> this in the future, but for now this fixes OpenIndiana which has a libidmap.so

Reviewed-by: Rusty Russell <rusty at rustcorp.com.au>

>>From e5a7dc060d7f491f6e4f25495615b4d0bf637d85 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Fri, 15 Mar 2013 13:00:55 +1100
> Subject: [PATCH 1/2] auth/ntlmssp: Avoid use-after-free of user_info after
>  logon failure at log level 5

Reviewed-by: Rusty Russell <rusty at rustcorp.com.au>

Cheers,
Rusty.


More information about the samba-technical mailing list