[PATCH]: lib: prevent global cache to be free'd unintentional

Tue Apr 16 08:29:24 UTC 2019

Three small patches around memcache.

Please review and push, if happy.

Cheers Swen

-------------- next part --------------
From 135ba9b109f6d18b88a9f4c4a3e428d3090a95cc Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Tue, 16 Apr 2019 10:14:27 +0200
Subject: [PATCH 1/3] lib: prevent global cache to be free'd unintentional

Prevent use after free usage of global_cache by verifying whether
the new cache reference is not identical to the current one which is free'd.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 lib/util/memcache.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/util/memcache.c b/lib/util/memcache.c
index 1e616bd0e9a..6c7f671d242 100644
--- a/lib/util/memcache.c
+++ b/lib/util/memcache.c
@@ -96,6 +96,9 @@ struct memcache *memcache_init(TALLOC_CTX *mem_ctx, size_t max_size)
 
 void memcache_set_global(struct memcache *cache)
 {
+	if (cache == global_cache) {
+		return;
+	}
 	TALLOC_FREE(global_cache);
 	global_cache = cache;
 }
-- 
2.20.1


From f77d8892a208242e6d8da5e20b2309c77397cf68 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Tue, 16 Apr 2019 10:20:00 +0200
Subject: [PATCH 2/3] smbd: remove double init os smbd_memcache

There is no need to call smbd_memcache right after each other.
The check for success/error can be omitted as well as the call
to smbd_memcache() will throw a panic if unsuccessful.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/smbd/server.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 3ef7befef3f..f550e510cf5 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1992,12 +1992,6 @@ extern void build_options(bool screen);
 		exit_server("failed to setup SIGHUP handler");
 	}
 
-	/* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */
-
-	if (smbd_memcache() == NULL) {
-		exit_daemon("no memcache available", EACCES);
-	}
-
 	memcache_set_global(smbd_memcache());
 
 	/* Initialise the password backed before the global_sam_sid
-- 
2.20.1


From bfc24c8bac8d3cb67e0cf1bef698ef2e90d84ec5 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Tue, 16 Apr 2019 10:23:24 +0200
Subject: [PATCH 3/3] smbd: Move second smbd_memcache_ctx check to inner branch

No need to double check the Non-zero state of smbd_memcache_ctx
twice. Therefore, move the checkto where it is necessary.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 source3/smbd/globals.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c
index 6bc448b901d..474187ec955 100644
--- a/source3/smbd/globals.c
+++ b/source3/smbd/globals.c
@@ -95,9 +95,9 @@ struct memcache *smbd_memcache(void)
 		 */
 		smbd_memcache_ctx = memcache_init(NULL,
 						  lp_max_stat_cache_size()*1024);
-	}
-	if (!smbd_memcache_ctx) {
-		smb_panic("Could not init smbd memcache");
+		if (!smbd_memcache_ctx) {
+			smb_panic("Could not init smbd memcache");
+		}
 	}
 
 	return smbd_memcache_ctx;
-- 
2.20.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190416/43c78d67/signature.sig>
