[PATCH] Fix bug 12135 - net ads gpo refresh can crash with null pointer deref.

Jeremy Allison jra at samba.org
Tue Aug 9 21:41:16 UTC 2016


First patch ensures cli_connect_nb_send() errors with EINVAL
if not given a host or IP address. Second patch fixes the
problem that allows net ads gpo refresh to do so.

Please review !

Jeremy.
-------------- next part --------------
From e0499f1d9f963be598fd859d10e43c1d0e1df891 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 8 Aug 2016 16:53:21 -0700
Subject: [PATCH 1/2] s3: libsmb: Protect cli_connect_nb_send() from being
 passed a NULL hostname and dest_ss.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/libsmb/cliconnect.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ebba8f2..33759d9 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -3108,11 +3108,15 @@ static struct tevent_req *cli_connect_nb_send(
 		}
 
 		state->desthost = host;
-	} else {
+	} else if (dest_ss != NULL) {
 		state->desthost = print_canonical_sockaddr(state, dest_ss);
 		if (tevent_req_nomem(state->desthost, req)) {
 			return tevent_req_post(req, ev);
 		}
+	} else {
+		/* No host or dest_ss given. Error out. */
+		tevent_req_error(req, EINVAL);
+		return tevent_req_post(req, ev);
 	}
 
 	subreq = cli_connect_sock_send(state, ev, host, name_type, dest_ss,
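Review bot: In the new final `else` branch, `tevent_req_error(req, EINVAL)` records an errno-style value, and the hunk does not show how the matching recv function decodes the request error. If callers read the result as an NTSTATUS, please confirm EINVAL is reported as an invalid-parameter failure, or set the equivalent NTSTATUS on the request instead. It would also help to state in the function's comment that at least one of `host` or `dest_ss` must be non-NULL, since `cli_connect_sock_send()` just below still receives both.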
-- 
2.8.0.rc3.226.g39d4020


From 5764a3bd7d62127ba8645458a33015a8d355e7f9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 Aug 2016 11:57:20 -0700
Subject: [PATCH 2/2] libgpo: Correctly use the 'server' parameter after
 parsing it out of the GPO path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 libgpo/gpo_fetch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 97ecd62..836bc23 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -166,7 +166,7 @@ NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
 
 	/* for now reuse the existing ds connection */
 
-	result = gpo_connect_server(ads, ads->server.ldap_server, service, &cli);
+	result = gpo_connect_server(ads, server, service, &cli);
 	NT_STATUS_NOT_OK_RETURN(result);
 
 	result = gpo_prepare_local_store(mem_ctx, cache_dir, unix_path);
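Review bot: On the changed `gpo_connect_server()` call, `server` is passed with no visible check that parsing the GPO path yielded a non-NULL, non-empty value. Going by the cover note, patch 1/2 makes that case fail with an error rather than a crash, but an explicit check here that returns an invalid-parameter status would give the caller a clearer failure at the point where the bad path is known. The context comment "for now reuse the existing ds connection" directly above the call also no longer matches the code, because the target is now the server taken from the GPO path rather than `ads->server.ldap_server`; please update or drop it.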
-- 
2.8.0.rc3.226.g39d4020


