The Samba-Bugzilla – Attachment 11183 Details for
Bug 11342
Codenomicon crash in do_smb_load_module()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am cherry-pick from master for 4.2.next, 4.1.next.
0001-s3-smbd-Codenomicon-crash-in-do_smb_load_module.patch (text/plain), 1.46 KB, created by
Jeremy Allison
on 2015-06-22 18:11:54 UTC
(
hide
)
Description:
git-am cherry-pick from master for 4.2.next, 4.1.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2015-06-22 18:11:54 UTC
Size:
1.46 KB
patch
obsolete
>From c2cb25a04fa6db0e42e22949f8dcfcbc0ea1d450 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 18 Jun 2015 10:21:07 -0700 >Subject: [PATCH] s3: smbd: Codenomicon crash in do_smb_load_module(). > >Inside api_pipe_bind_req() we look for a pipe module name using > >dcerpc_default_transport_endpoint(pkt, > NCACN_NP, table) > >which returns NULL when given invalid pkt data from the Codenomicon fuzzer. > >This gets passed directly to smb_probe_module(), which then calls >do_smb_load_module() which tries to deref the (NULL) module name. > >https://bugzilla.samba.org/show_bug.cgi?id=11342 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ira Cooper <ira@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Thu Jun 18 22:14:01 CEST 2015 on sn-devel-104 > >(cherry picked from commit 5a82cc21379e3fe28441cd82647313c9390b41e7) >--- > lib/util/modules.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/lib/util/modules.c b/lib/util/modules.c >index 828f33a..1f00dd8 100644 >--- a/lib/util/modules.c >+++ b/lib/util/modules.c >@@ -161,6 +161,11 @@ static NTSTATUS do_smb_load_module(const char *subsystem, > char *full_path = NULL; > TALLOC_CTX *ctx = talloc_stackframe(); > >+ if (module_name == NULL) { >+ TALLOC_FREE(ctx); >+ return NT_STATUS_INVALID_PARAMETER; >+ } >+ > /* Check for absolute path */ > > DEBUG(5, ("%s module '%s'\n", is_probe ? "Probing" : "Loading", module_name)); >-- >2.4.3.573.g4eafbef >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11183">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review?
(
ira
)
obnox
:
review+
gd
:
review+
Actions:
View
Attachments on
bug 11342
: 11183