[PATCH] Fix use after free in resolve_name()

Andreas Schneider asn at samba.org
Fri Oct 23 14:41:43 UTC 2015


On Friday 23 October 2015 10:23:20 Volker Lendecke wrote:
> On Fri, Oct 23, 2015 at 10:13:27AM +0300, Uri Simchoni wrote:
> > On 10/22/2015 03:13 PM, Andreas Schneider wrote:
> > >Subject: [PATCH 1/3] s3-libsmb: Fix invalid memory access to resolve
> > >order
> > >
> > >  string list
> > >
> > >This makes sure we do not end up accessing invalid memory because a samba
> > >nss module reinitializes the globals.
> > 
> > Yikes! I tend to think of nss modules as canned components that just
> > do their thing. It's very surprising (in a negative way) when
> > they're not. Best thing would be to link libnss_wins.so statically
> > with other samba code, so that it would have its own copy of
> > everything.
> > 
> > If that's not feasible, maybe what we should aim for is "if globals
> > have been initialized, don't reinitialize them". Maybe call
> > lp_load_global_no_reinit() from nss_wins?
> > 
> > After all, who knows what other surprises are hidden by this reinit?
> > Seems to me like the coding convention around lp_xxx() is that you
> > can pass it around down the stack but if you want to save it beyond
> > this call flow then you need your own copy.
> > 
> > (and, maybe that's the cue for nss_wins retirement plan? who uses
> > wins these days?)
> 
> The real fix is to convert libnss_wins to use very simple
> winbind calls. We just removed pam_smbpass for different
> reasons.

Ok, I will create a lp_load_global_no_reinit() patch for 4.3 and 4.2 and will 
do a port to use libwbclient for master ...


	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
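
The two mitigations discussed in this thread (keep a private copy of a global string list, and skip reinitialization once the globals are loaded), as an added example that is not part of the original messages and is not Samba's code. All names (cfg_load, cfg_load_no_reinit, resolve_walk, g_order) and the list values are hypothetical stand-ins.

```c
/* Added illustration with toy names and constructed values; not Samba's code. */
#include <stdlib.h>
#include <string.h>
static char **g_order;        /* global NULL-terminated "resolve order" list */
static int g_loaded;          /* set once the globals are initialized */
static unsigned g_generation; /* bumped on every (re)initialization */

static void free_list(char **l) {
    for (size_t i = 0; l && l[i]; i++) free(l[i]);
    free(l);
}

static char **dup_list(char *const *src) {  /* deep copy owned by the caller */
    size_t n = 0;
    while (src[n]) n++;
    char **out = calloc(n + 1, sizeof(*out));
    for (size_t i = 0; out && i < n; i++) {
        size_t len = strlen(src[i]) + 1;
        if (!(out[i] = malloc(len))) { free_list(out); return NULL; }
        memcpy(out[i], src[i], len);
    }
    return out;
}

/* Unconditional load: frees the old list, so borrowed pointers dangle. */
static void cfg_load(void) {
    static char *const defaults[] = { "lmhosts", "wins", "host", "bcast", NULL };
    free_list(g_order);
    g_order = dup_list(defaults);
    g_loaded = 1;
    g_generation++;
}

/* Guarded load: a no-op once the globals are initialized. */
static void cfg_load_no_reinit(void) { if (!g_loaded) cfg_load(); }

/* Walks a private copy of the list; the call made per entry stands in for a
 * backend that loads the config itself. Returns entries visited, -1 on error. */
static int resolve_walk(int guarded) {
    cfg_load_no_reinit();
    char **order = g_order ? dup_list(g_order) : NULL;
    if (!order) return -1;
    int visited = 0;
    for (size_t i = 0; order[i]; i++, visited++)
        if (guarded) cfg_load_no_reinit(); else cfg_load();
    free_list(order);
    return visited;
}

int main(void) { return (resolve_walk(0) == 4 && resolve_walk(1) == 4) ? 0 : 1; }
```

With guarded set to 0 the global list is freed and rebuilt on every entry, and the walk completes only because it iterates over its own copy; with guarded set to 1 the global list is never replaced during the walk.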


