[PATCH] Fix bug 12135 - net ads gpo refresh can crash with null pointer deref.
Jeremy Allison
jra at samba.org
Tue Aug 9 21:41:16 UTC 2016
First patch ensures cli_connect_nb_send() errors with EINVAL
if not given a host or IP address. Second patch fixes the
problem that allows net ads gpo refresh to do so.
Please review !
Jeremy.
-------------- next part --------------
From e0499f1d9f963be598fd859d10e43c1d0e1df891 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 8 Aug 2016 16:53:21 -0700
Subject: [PATCH 1/2] s3: libsmb: Protect cli_connect_nb_send() from being
passed a NULL hostname and dest_ss.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/libsmb/cliconnect.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ebba8f2..33759d9 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -3108,11 +3108,15 @@ static struct tevent_req *cli_connect_nb_send(
}
state->desthost = host;
- } else {
+ } else if (dest_ss != NULL) {
state->desthost = print_canonical_sockaddr(state, dest_ss);
if (tevent_req_nomem(state->desthost, req)) {
return tevent_req_post(req, ev);
}
+ } else {
+ /* No host or dest_ss given. Error out. */
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
}
subreq = cli_connect_sock_send(state, ev, host, name_type, dest_ss,
--
2.8.0.rc3.226.g39d4020
From 5764a3bd7d62127ba8645458a33015a8d355e7f9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 Aug 2016 11:57:20 -0700
Subject: [PATCH 2/2] libgpo: Correctly use the 'server' parameter after
parsing it out of the GPO path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135
Signed-off-by: Jeremy Allison <jra at samba.org>
---
libgpo/gpo_fetch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 97ecd62..836bc23 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -166,7 +166,7 @@ NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
/* for now reuse the existing ds connection */
- result = gpo_connect_server(ads, ads->server.ldap_server, service, &cli);
+ result = gpo_connect_server(ads, server, service, &cli);
NT_STATUS_NOT_OK_RETURN(result);
result = gpo_prepare_local_store(mem_ctx, cache_dir, unix_path);
--
2.8.0.rc3.226.g39d4020
More information about the samba-technical
mailing list