The Samba-Bugzilla – Attachment 10924 Details for Bug 11186: Crash seen in libsmbclient due to free of server structure during SMBC_getxattr() call
[patch] Test patch for master
0001-s3-libsmbclient-After-getting-attribute-server-ensur.patch (text/plain), 2.22 KB, created by Jeremy Allison on 2015-03-31 21:42:13 UTC
>From af98149e9e7e88e5e83ccd4e9ac37e1726941833 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 31 Mar 2015 14:40:23 -0700 >Subject: [PATCH] s3: libsmbclient: After getting attribute server, ensure main > srv pointer is still valid. > >Bug #11186: Crash seen in libsmbclient due to free of server structure during SMBC_getxattr() call > >https://bugzilla.samba.org/show_bug.cgi?id=11186 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/libsmb/libsmb_xattr.c | 36 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 36 insertions(+) > >diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c >index 8493776..aa6216a 100644 >--- a/source3/libsmb/libsmb_xattr.c >+++ b/source3/libsmb/libsmb_xattr.c >@@ -2074,6 +2074,24 @@ SMBC_getxattr_ctx(SMBCCTX *context, > ipc_srv = SMBC_attr_server(frame, context, server, port, share, > &workgroup, &user, &password); > if (! ipc_srv) { >+ /* >+ * See if the original server was removed >+ * from the cache. If so we must error out >+ * here as the srv pointer has been freed. >+ */ >+ if (smbc_getFunctionGetCachedServer(context)(context, >+ server, >+ share, >+ workgroup, >+ user) != srv) { >+#if defined(ECONNRESET) >+ errno = ECONNRESET; >+#else >+ errno = ETIMEDOUT; >+#endif >+ TALLOC_FREE(frame); >+ return -1; >+ } > srv->no_nt_session = True; > } > } else { 
>@@ -2211,6 +2229,24 @@ SMBC_removexattr_ctx(SMBCCTX *context, > ipc_srv = SMBC_attr_server(frame, context, server, port, share, > &workgroup, &user, &password); > if (! ipc_srv) { >+ /* >+ * See if the original server was removed >+ * from the cache. If so we must error out >+ * here as the srv pointer has been freed. >+ */ >+ if (smbc_getFunctionGetCachedServer(context)(context, >+ server, >+ share, >+ workgroup, >+ user) != srv) { >+#if defined(ECONNRESET) >+ errno = ECONNRESET; >+#else >+ errno = ETIMEDOUT; >+#endif >+ TALLOC_FREE(frame); >+ return -1; >+ } > srv->no_nt_session = True; > } > } else { >-- >2.2.0.rc0.207.ga3a616c >
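Review bot: In the SMBC_getxattr_ctx hunk the cache re-lookup sits only inside `if (! ipc_srv)`, so when SMBC_attr_server() succeeds nothing re-validates srv before any later use. If the original server can be removed from the cache during that call, as the new comment says, consider doing the lookup directly after the call regardless of its result. Two further things are worth a comment or a fix here: workgroup and user are passed to SMBC_attr_server() by address (`&workgroup, &user`), so the lookup may run with different keys than srv was cached under, and comparing the lookup result against an already freed srv by pointer value can match by coincidence if a new server structure was allocated at the same address.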
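Review bot: The SMBC_removexattr_ctx hunk repeats the 18-line check from the SMBC_getxattr_ctx hunk verbatim, including the `#if defined(ECONNRESET)` errno selection. Factoring it into one static helper in libsmb_xattr.c (taking context, server, share, workgroup, user and srv, and reporting whether srv is still the cached entry) would keep the two call sites from drifting apart and make it easy to apply the same check to any other caller of SMBC_attr_server() that dereferences srv afterwards. The helper's comment is also the place to document why ECONNRESET, with ETIMEDOUT as fallback, is the errno callers should expect.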
Attachments on bug 11186: 10924 | 10932 | 10953