[PATCH] smb2_create: move 'op' into scope (Re: [PATCHES] smb3 create replay (for multi-channel))

Michael Adam obnox at samba.org
Thu Mar 3 12:00:00 UTC 2016


On 2016-03-03 at 09:43 +0100, Michael Adam wrote:
> On 2016-03-03 at 09:33 +0100, Michael Adam wrote:
> > On 2016-03-02 at 16:45 -0800, Jeremy Allison wrote:
> > > On Wed, Mar 02, 2016 at 10:45:11PM +0100, Michael Adam wrote:
> > > > 
> > > > Attached find the updated patchset.
> > > > Differences with the original one:
> > > 
> > > Pushing this, but autobuild is failing with:
> > > 
> > > [252(789)/1892 at 20m43s] samba3.blackbox.smbclient_machine_auth.plain (nt4_member:local)
> > > ERROR: Testsuite[samba3.blackbox.smbclient_machine_auth.plain (nt4_member:local)]
> > > REASON: unable to set up environment nt4_member:local - exiting
> > > 
> > > Don't think this is to do with your new code.
> > 
> > There was a NULL dereference of 'op' in smb2_create_send
> > right at the end, because I used op instead of result->op
> > in one (new) place. Usually these are the same at this
> > place, but for IPC or PRINT shares, we ended up here without
> > op == result->op but op == NULL.
> > 
> > Attached find the 2-line patch to be squashed into the
> > 'implement create replay' test to fix the crash.
> > I am running a full make test with this now and will
> > (given the in-retrospect obviousness) push once this has
> > passed.
> 
> Attached find a patch that would have prevented such
> a pitfall by moving 'op' into the scope of its use.
> 
> Note: due to context change, it does not apply to current
> master but only on top of the create-replay patchset.

After receiving Volker's RB+ on this one and having
a successful full make test run locally (with the
null-deref fix in place plus one other such
fix -- attached for reference -- hopefully... :-),
I have pushed the whole patchset to autobuild.

Thanks again - Michael
-------------- next part --------------
From 1807a5c276d52fd167c4122a92626bfe7081d228 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 3 Mar 2016 10:29:21 +0100
Subject: [PATCH] SQ: smbd: don't crash smbXsrv_open_clear_replay_cache if
 op->table == NULL

Signed-off-by: Michael Adam <obnox at samba.org>
---
 source3/smbd/smbXsrv_open.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index 50e0280..e1b41a1 100644
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -975,9 +975,15 @@ static NTSTATUS smbXsrv_open_clear_replay_cache(struct smbXsrv_open *op)
 	struct GUID *create_guid;
 	struct GUID_txt_buf buf;
 	char *guid_string;
-	struct db_context *db = op->table->local.replay_cache_db_ctx;
+	struct db_context *db;
 	NTSTATUS status;
 
+	if (op->table == NULL) {
+		return NT_STATUS_OK;
+	}
+
+	db = op->table->local.replay_cache_db_ctx;
+
 	if (!(op->flags & SMBXSRV_OPEN_HAVE_REPLAY_CACHE)) {
 		return NT_STATUS_OK;
 	}
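Review bot: the new `if (op->table == NULL) return NT_STATUS_OK;` at the top of the hunk sits before the `SMBXSRV_OPEN_HAVE_REPLAY_CACHE` flag check, so an open that has the flag set but no table is silently reported as success instead of being treated as an inconsistent state; consider keeping the cheap flag check first and, if `op->table` is still NULL after it, returning an error (or at least emitting a DEBUG line), and spelling out in the commit message which code path produces an `smbXsrv_open` without a table so a later reader can tell whether the early return is a valid case or papers over a bug.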
-- 
2.5.0

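The two crashes fixed in this thread share one shape: a function-scope pointer ('op') that is only assigned on some paths while the tail of the function reads it unconditionally, and a cleanup routine that assumes every open owns a table. The following is an added example, not Samba code, that models both with stand-in structs (struct open_handle, struct open_table, struct create_result, the OPEN_HAVE_REPLAY_CACHE bit, and the SHARE_DISK/SHARE_IPC split are all assumed names). It shows the buggy shape beside the fix of declaring 'op' only in the block that uses it, and a clear routine that follows the attached patch's NULL-table guard. The sample opens are constructed inline; -1 stands in for the NULL dereference.

```c
/* Added example, not Samba code: models the 'op' vs result->op scoping pitfall
 * and the NULL-table guard discussed in the thread. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define OPEN_HAVE_REPLAY_CACHE 0x1u   /* stand-in for SMBXSRV_OPEN_HAVE_REPLAY_CACHE */

struct open_table {                   /* stand-in for the open table */
	int replay_cache_entries;
};

struct open_handle {                  /* stand-in for struct smbXsrv_open */
	struct open_table *table;     /* assumed: NULL for IPC-style opens */
	uint32_t flags;
};

struct create_result {                /* stand-in for smb2_create's result state */
	struct open_handle *op;
};

enum share_kind { SHARE_DISK, SHARE_IPC };

/* Constructed sample opens: a disk open with a table and a cached replay entry,
 * and an IPC open that has no table at all. */
static struct open_table  g_table     = { .replay_cache_entries = 1 };
static struct open_handle g_disk_open = { .table = &g_table, .flags = OPEN_HAVE_REPLAY_CACHE };
static struct open_handle g_ipc_open  = { .table = NULL,     .flags = 0 };

/* Buggy shape: 'op' lives at function scope, is assigned only on the disk path,
 * and the tail reads 'op' instead of result->op. On the IPC path result->op is
 * valid but 'op' is still NULL. Returns -1 where real code would crash. */
static int create_send_buggy(enum share_kind kind, struct create_result *result)
{
	struct open_handle *op = NULL;

	if (kind == SHARE_DISK) {
		op = &g_disk_open;
		result->op = op;
	} else {
		result->op = &g_ipc_open;   /* 'op' is never updated here */
	}

	/* ... further work on result ... */

	if (op == NULL) {
		return -1;                  /* would be a NULL dereference */
	}
	return (int)op->flags;
}

/* Fixed shape: 'op' exists only inside the block that needs it, so the tail
 * has no stale function-scope pointer to misuse and must go via result->op. */
static int create_send_fixed(enum share_kind kind, struct create_result *result)
{
	if (kind == SHARE_DISK) {
		struct open_handle *op = &g_disk_open;
		result->op = op;
	} else {
		result->op = &g_ipc_open;
	}

	if (result->op == NULL) {
		return -1;
	}
	return (int)result->op->flags;
}

/* Follows the attached squash patch: an open without a table has no replay
 * cache to clear. Returns 1 if an entry was cleared, 0 if there was nothing to do. */
static int clear_replay_cache(struct open_handle *op)
{
	struct open_table *table;

	if (op->table == NULL) {
		return 0;                   /* NT_STATUS_OK in the patch */
	}
	table = op->table;

	if (!(op->flags & OPEN_HAVE_REPLAY_CACHE)) {
		return 0;
	}
	table->replay_cache_entries--;
	op->flags &= ~OPEN_HAVE_REPLAY_CACHE;
	return 1;
}

/* Runs one create in either shape and returns its result code. */
static int run_create(enum share_kind kind, bool fixed)
{
	struct create_result result = { .op = NULL };
	return fixed ? create_send_fixed(kind, &result)
	             : create_send_buggy(kind, &result);
}
```

Calling run_create(SHARE_IPC, false) reproduces the crash path from the thread, while run_create(SHARE_IPC, true) succeeds, and clear_replay_cache(&g_ipc_open) returns without touching a table.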