Attachment 13823 Details for Bug 13171 – git-am fix for master

[patch] git-am fix for master

0001-s3-libsmb-Fix-valgrind-read-after-free-error-in-cli_.patch (text/plain), 1.36 KB, created by Jeremy Allison on 2017-11-29 22:11:27 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2017-11-29 22:11:27 UTC

Size: 1.36 KB

patch

obsolete

>From e1606b6089c4f272a2bf9c64ceaefd4f137da950 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Wed, 29 Nov 2017 09:21:30 -0800
>Subject: [PATCH] s3: libsmb: Fix valgrind read-after-free error in
> cli_smb2_close_fnum_recv().
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
>frees req, then uses the state pointer which was owned by req.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Ralph BÃ¶hme <slow@samba.org>
>---
> source3/libsmb/cli_smb2_fnum.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
>diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
>index 628b17b293b..78f61fbedd4 100644
>--- a/source3/libsmb/cli_smb2_fnum.c
>+++ b/source3/libsmb/cli_smb2_fnum.c
>@@ -449,8 +449,12 @@ NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req)
> {
> 	struct cli_smb2_close_fnum_state *state = tevent_req_data(
> 		req, struct cli_smb2_close_fnum_state);
>-	NTSTATUS status = tevent_req_simple_recv_ntstatus(req);
>-	state->cli->raw_status = status;
>+	NTSTATUS status = NT_STATUS_OK;
>+
>+	if (tevent_req_is_nterror(req, &status)) {
>+		state->cli->raw_status = status;
>+	}
>+	tevent_req_received(req);
> 	return status;
> }
> 
>-- 
>2.15.0.531.g2ccb3012c9-goog
>

Actions: View

Attachments on bug 13171: 13823 | 13831