The Samba-Bugzilla – Attachment 12637 Details for
Bug 12408
cli_raw_ntlm_smb_encryption_start() leaks memory.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for master.
0001-s3-libsmb-Fix-memory-hierarchy-leak-of-gensec_securi.patch (text/plain), 2.53 KB, created by
Jeremy Allison
on 2016-11-10 00:10:00 UTC
(
hide
)
Description:
git-am fix for master.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2016-11-10 00:10:00 UTC
Size:
2.53 KB
patch
obsolete
>From f80a0142f048156217498ac51ed79b8a146b3108 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 9 Nov 2016 16:07:26 -0800 >Subject: [PATCH] s3: libsmb: Fix memory hierarchy leak of gensec_security > struct. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12408 > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/libsmb/clifsinfo.c | 17 ++++++----------- > 1 file changed, 6 insertions(+), 11 deletions(-) > >diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c >index 31a2c02..9712d5d 100644 >--- a/source3/libsmb/clifsinfo.c >+++ b/source3/libsmb/clifsinfo.c >@@ -588,7 +588,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, > DATA_BLOB param_out = data_blob_null; > NTSTATUS status = NT_STATUS_UNSUCCESSFUL; > struct auth_generic_state *auth_generic_state; >- struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state); >+ struct smb_trans_enc_state *es = talloc_zero(cli, >+ struct smb_trans_enc_state); > if (!es) { > return NT_STATUS_NO_MEMORY; > } >@@ -642,11 +643,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, > > if (NT_STATUS_IS_OK(status)) { > es->enc_on = true; >- /* Replace the old state, if any. */ >- /* We only need the gensec_security part from here. >- * es is a malloc()ed pointer, so we cannot make >- * gensec_security a talloc child */ >- es->gensec_security = talloc_move(NULL, >+ /* We only need the gensec_security part from here. */ >+ es->gensec_security = talloc_move(es, > &auth_generic_state->gensec_security); > smb1cli_conn_set_encryption(cli->conn, es); > es = NULL; >@@ -668,7 +666,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) > DATA_BLOB param_out = data_blob_null; > NTSTATUS status = NT_STATUS_UNSUCCESSFUL; > struct auth_generic_state *auth_generic_state; >- struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state); >+ struct smb_trans_enc_state *es = talloc_zero(cli, struct smb_trans_enc_state); > > if (!es) { > return NT_STATUS_NO_MEMORY; >@@ -727,10 +725,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) > > if (NT_STATUS_IS_OK(status)) { > es->enc_on = true; >- /* Replace the old state, if any. */ >- /* We only need the gensec_security part from here. >- * es is a malloc()ed pointer, so we cannot make >- * gensec_security a talloc child */ >+ /* We only need the gensec_security part from here. */ > es->gensec_security = talloc_move(es, > &auth_generic_state->gensec_security); > smb1cli_conn_set_encryption(cli->conn, es); >-- >2.8.0.rc3.226.g39d4020 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review?
(
metze
)
Actions:
View
Attachments on
bug 12408
: 12637