The Samba-Bugzilla – Attachment 13823 Details for
Bug 13171
valgrind read-after-free error in cli_smb2_close_fnum_recv()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for master
0001-s3-libsmb-Fix-valgrind-read-after-free-error-in-cli_.patch (text/plain), 1.36 KB, created by
Jeremy Allison
on 2017-11-29 22:11:27 UTC
(
hide
)
Description:
git-am fix for master
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2017-11-29 22:11:27 UTC
Size:
1.36 KB
patch
obsolete
>From e1606b6089c4f272a2bf9c64ceaefd4f137da950 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Wed, 29 Nov 2017 09:21:30 -0800 >Subject: [PATCH] s3: libsmb: Fix valgrind read-after-free error in > cli_smb2_close_fnum_recv(). >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which >frees req, then uses the state pointer which was owned by req. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Böhme <slow@samba.org> >--- > source3/libsmb/cli_smb2_fnum.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > >diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c >index 628b17b293b..78f61fbedd4 100644 >--- a/source3/libsmb/cli_smb2_fnum.c >+++ b/source3/libsmb/cli_smb2_fnum.c >@@ -449,8 +449,12 @@ NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req) > { > struct cli_smb2_close_fnum_state *state = tevent_req_data( > req, struct cli_smb2_close_fnum_state); >- NTSTATUS status = tevent_req_simple_recv_ntstatus(req); >- state->cli->raw_status = status; >+ NTSTATUS status = NT_STATUS_OK; >+ >+ if (tevent_req_is_nterror(req, &status)) { >+ state->cli->raw_status = status; >+ } >+ tevent_req_received(req); > return status; > } > >-- >2.15.0.531.g2ccb3012c9-goog >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13171
:
13823
|
13831