[PATCH] Fix&cleanup for idmap_autorid
Jeremy Allison
jra at samba.org
Mon Mar 7 19:07:10 UTC 2016
On Sun, Mar 06, 2016 at 04:54:52PM +0100, Volker Lendecke wrote:
> Hi!
>
> Review appreciated!
LGTM. Pushed !
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
> From 08391ef16e9cf539a59ce5a8d946c00287850d0c Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Sun, 6 Mar 2016 16:39:58 +0100
> Subject: [PATCH 1/2] idmap_autorid: Fix a use-after-free
>
> Parsing the domain_range_index references data.dptr
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/winbindd/idmap_autorid.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
> index 76dccaa..3f6f20c 100644
> --- a/source3/winbindd/idmap_autorid.c
> +++ b/source3/winbindd/idmap_autorid.c
> @@ -231,8 +231,8 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
> }
>
> ok = dom_sid_parse_endp((const char *)data.dptr, &domsid, &q);
> - TALLOC_FREE(data.dptr);
> if (!ok) {
> + TALLOC_FREE(data.dptr);
> map->status = ID_UNKNOWN;
> return NT_STATUS_OK;
> }
> @@ -240,10 +240,13 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
> if (sscanf(q+1, "%"SCNu32, &domain_range_index) != 1) {
> DEBUG(10, ("Domain range index not found, "
> "ignoring mapping request\n"));
> + TALLOC_FREE(data.dptr);
> map->status = ID_UNKNOWN;
> return NT_STATUS_OK;
> }
>
> + TALLOC_FREE(data.dptr);
> +
> reduced_rid = normalized_id % cfg->rangesize;
> rid = reduced_rid + domain_range_index * cfg->rangesize;
>
> --
> 1.7.9.5
>
>
> From a1ae0c3368933136df9d0646a8a486068e125f5e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Wed, 10 Feb 2016 09:02:12 +0100
> Subject: [PATCH 2/2] idmap_autorid: Protect against corrupt databases
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/winbindd/idmap_autorid.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
> index 3f6f20c..20cd5b7 100644
> --- a/source3/winbindd/idmap_autorid.c
> +++ b/source3/winbindd/idmap_autorid.c
> @@ -217,6 +217,13 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
> return NT_STATUS_OK;
> }
>
> + if (data.dptr[data.dsize-1] != '\0') {
> + DBG_WARNING("Invalid range %"PRIu32"\n", range_number);
> + TALLOC_FREE(data.dptr);
> + map->status = ID_UNKNOWN;
> + return NT_STATUS_OK;
> + }
> +
> if (strncmp((const char *)data.dptr,
> ALLOC_RANGE,
> strlen(ALLOC_RANGE)) == 0) {
> --
> 1.7.9.5
>
More information about the samba-technical
mailing list