The Samba-Bugzilla – Attachment 11226 Details for
Bug 11367
use after free in source3/auth/auth_domain.c:domain_client_validate
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch from master
11367.patch (text/plain), 2.34 KB, created by
Volker Lendecke
on 2015-07-03 08:27:11 UTC
(
hide
)
Description:
Patch from master
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2015-07-03 08:27:11 UTC
Size:
2.34 KB
patch
obsolete
>From a1fef4a77548900d01cee8a65e11826156374c6e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 9 Feb 2015 09:33:01 +0100 >Subject: [PATCH] s3:auth_domain: fix talloc problem in > connect_to_domain_password_server() > >s3:auth_domain: fix talloc problem in connect_to_domain_password_server() > >return values of connect_to_domain_password_server() need to be exported >to the callers memory context. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=11367 >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >--- > source3/auth/auth_domain.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c >index 937841c..c3c54f3 100644 >--- a/source3/auth/auth_domain.c >+++ b/source3/auth/auth_domain.c >@@ -53,6 +53,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret, > const char *dc_name, > const struct sockaddr_storage *dc_ss, > struct rpc_pipe_client **pipe_ret, >+ TALLOC_CTX *mem_ctx, > struct netlogon_creds_cli_context **creds_ret) > { > TALLOC_CTX *frame = talloc_stackframe(); >@@ -209,7 +210,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret, > > *cli_ret = cli; > *pipe_ret = netlogon_pipe; >- *creds_ret = netlogon_creds; >+ *creds_ret = talloc_move(mem_ctx, &netlogon_creds); > > TALLOC_FREE(frame); > return NT_STATUS_OK; >@@ -230,6 +231,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, > const struct sockaddr_storage *dc_ss) > > { >+ TALLOC_CTX *frame = talloc_stackframe(); > struct netr_SamInfo3 *info3 = NULL; > struct cli_state *cli = NULL; > struct rpc_pipe_client *netlogon_pipe = NULL; >@@ -255,11 +257,13 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, > dc_name, > dc_ss, > &netlogon_pipe, >+ frame, > &netlogon_creds); > } > > if ( !NT_STATUS_IS_OK(nt_status) ) { > DEBUG(0,("domain_client_validate: Domain password server not available.\n")); >+ TALLOC_FREE(frame); > if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) { > return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; > } >@@ -324,6 +328,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, > these pointers are no longer valid..... */ > > cli_shutdown(cli); >+ TALLOC_FREE(frame); > return nt_status; > } > >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
gd
:
review+
Actions:
View
Attachments on
bug 11367
:
11208
| 11226