The Samba-Bugzilla – Attachment 15151 Details for
Bug 13927
ASAN detected use after free in nsswitch/pam_winbind.c
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Proposed patch for V4.10
bug-13927-v4-10.patch.txt (text/plain), 1.42 KB, created by
Gary Lockyer
on 2019-05-15 02:09:44 UTC
(
hide
)
Description:
Proposed patch for V4.10
Filename:
MIME Type:
Creator:
Gary Lockyer
Created:
2019-05-15 02:09:44 UTC
Size:
1.42 KB
patch
obsolete
>From 03d428a5c2d1b58d80c3a3dce221d9810b3abb66 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Thu, 18 Apr 2019 09:29:28 +1200 >Subject: [PATCH] nsswitch pam_winbind: Fix Asan use after free > >Fix use after free condition detected by Address Sanitizer triggered by >wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a >double free. This patch prevents the Address Sanitizer error, allowing >tests to be run with Address Sanitizer enabled. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon May 6 08:55:22 UTC 2019 on sn-devel-184 > >(cherry picked from commit 193b44466ba05deba8f2b1fdc16ab55c102e82ad) >--- > nsswitch/pam_winbind.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c >index 757fdae6e3c..0ba1955f007 100644 >--- a/nsswitch/pam_winbind.c >+++ b/nsswitch/pam_winbind.c >@@ -1931,6 +1931,11 @@ static int winbind_auth_request(struct pwb_context *ctx, > wbcFreeMemory(logon.blobs); > if (info && info->blobs && !p_info) { > wbcFreeMemory(info->blobs); >+ /* >+ * We set blobs to NULL to prevent a use after free in the >+ * in the wbcLogonUserInfoDestructor >+ */ >+ info->blobs = NULL; > } > if (error && !p_error) { > wbcFreeMemory(error); >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
abartlet
:
review+
gary
:
ci-passed+
Actions:
View
Attachments on
bug 13927
:
15120
|
15121
| 15151