Attachment 15151 Details for Bug 13927 – Proposed patch for V4.10

Proposed patch for V4.10

bug-13927-v4-10.patch.txt (text/plain), 1.42 KB, created by Gary Lockyer on 2019-05-15 02:09:44 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Gary Lockyer

Created: 2019-05-15 02:09:44 UTC

Size: 1.42 KB

patch

obsolete

>From 03d428a5c2d1b58d80c3a3dce221d9810b3abb66 Mon Sep 17 00:00:00 2001
>From: Gary Lockyer <gary@catalyst.net.nz>
>Date: Thu, 18 Apr 2019 09:29:28 +1200
>Subject: [PATCH] nsswitch pam_winbind: Fix Asan use after free
>
>Fix use after free condition detected by Address Sanitizer triggered by
>wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a
>double free.  This patch prevents the Address Sanitizer error, allowing
>tests to be run with Address Sanitizer enabled.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927
>
>Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>
>Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
>Autobuild-Date(master): Mon May  6 08:55:22 UTC 2019 on sn-devel-184
>
>(cherry picked from commit 193b44466ba05deba8f2b1fdc16ab55c102e82ad)
>---
> nsswitch/pam_winbind.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
>index 757fdae6e3c..0ba1955f007 100644
>--- a/nsswitch/pam_winbind.c
>+++ b/nsswitch/pam_winbind.c
>@@ -1931,6 +1931,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
> 	wbcFreeMemory(logon.blobs);
> 	if (info && info->blobs && !p_info) {
> 		wbcFreeMemory(info->blobs);
>+		/*
>+		 * We set blobs to NULL to prevent a use after free in the
>+		 * in the wbcLogonUserInfoDestructor
>+		 */
>+		info->blobs = NULL;
> 	}
> 	if (error && !p_error) {
> 		wbcFreeMemory(error);
>-- 
>2.17.1
>

Flags:

abartlet: review+
gary: ci-passed+

Actions: View

Attachments on bug 13927: 15120 | 15121 | 15151