The Samba-Bugzilla – Attachment 14172 Details for Bug 13420: Use after free in AD DC LSA server (inter-forest trust changes)
[patch] patch for master
0001-s4-lsa-Fix-use-after-free-in-LSA-server.patch (text/plain), 1.48 KB, created by Andrew Bartlett on 2018-05-03 04:23:24 UTC
>From 460921092ee01e9469c8521f73f13ebeebda4416 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 3 May 2018 16:22:19 +1200 >Subject: [PATCH] s4-lsa: Fix use-after-free in LSA server > >This is a regression introduced in ab7988aa2fd1a43f576a4b73a6893c61c7ef1957. > >The state variable contains the data to be returned to the client >and packed into NDR after the function returned. > >This memory needs to be kept (on mem_ctx as parent) until that is >pushed and freed by the caller. > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > source4/rpc_server/lsa/lsa_lookup.c | 3 --- > 1 file changed, 3 deletions(-) > >diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c >index becbcfc8b64..f7d367e9525 100644 >--- a/source4/rpc_server/lsa/lsa_lookup.c >+++ b/source4/rpc_server/lsa/lsa_lookup.c >@@ -805,7 +805,6 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m > > state->r.out.result = status; > dcesrv_lsa_LookupSids_base_map(state); >- TALLOC_FREE(state); > return status; > } > >@@ -1284,7 +1283,6 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, > > state->r.out.result = status; > dcesrv_lsa_LookupNames_base_map(state); >- TALLOC_FREE(state); > return status; > } > >@@ -1357,7 +1355,6 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX > > state->r.out.result = status; > dcesrv_lsa_LookupNames_base_map(state); >- TALLOC_FREE(state); > return status; > } > >-- >2.11.0 >
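Review bot: In the dcesrv_lsa_LookupSids hunk (@@ -805), nothing remains at the return site to record why state must outlive the function, so a later cleanup could reintroduce the removed TALLOC_FREE(state). Suggest a short comment above "return status;" noting that state holds the data returned to the client, that the caller packs it into NDR after this function returns, and that state therefore stays on mem_ctx and must not be freed here.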
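Review bot: In the dcesrv_lsa_LookupNames3 hunk (@@ -1284), dropping TALLOC_FREE(state) avoids a leak only if state is allocated with mem_ctx as its talloc parent, as the commit message says, and that allocation lies outside the visible context. Please confirm the parent for this function and for the other two, and check that no other exit path still frees state once state->r.out.result has been set.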
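Review bot: In the dcesrv_lsa_LookupNames4 hunk (@@ -1355), as in the other two, the fix arrives without a regression test: the diffstat lists only source4/rpc_server/lsa/lsa_lookup.c with 3 deletions. Since the commit message describes this as a regression from ab7988aa2fd1a43f576a4b73a6893c61c7ef1957, suggest adding a test that exercises LookupSids, LookupNames3 and LookupNames4 against the LSA server and checks the returned data, so that a premature free of state is caught if it comes back.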