The Samba-Bugzilla – Attachment 15912 Details for Bug 14344: smbclient core with double free (with unresolved krb5 credential cache)
[patch] patch for 4.12 cherry picked from master
bug14344-4.12.patch (text/plain), 3.88 KB, created by Noel Power on 2020-04-15 09:02:40 UTC
>From cf5e238efdf0f02265e0bebb1a98c78038c49128 Mon Sep 17 00:00:00 2001 
>From: Noel Power <noel.power@suse.com> >Date: Tue, 14 Apr 2020 11:21:22 +0100 >Subject: [PATCH] s3/librpc/crypto: Fix double free with unresolved credential > cache > >We free gse_ctx->k5ctx but then free it again in the >talloc dtor. This patch just lets the talloc dtor handle >things and removes the extra krb5_free_context > >Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found) >==30762== Invalid read of size 8 >==30762== at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3) >==30762== by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3) >==30762== by 0x7945D2E: gse_context_destructor (gse.c:84) >==30762== by 0x645FB49: _tc_free_internal (talloc.c:1157) >==30762== by 0x645FEC5: _talloc_free_internal (talloc.c:1247) >==30762== by 0x646118D: _talloc_free (talloc.c:1789) >==30762== by 0x79462E4: gse_context_init (gse.c:241) >==30762== by 0x794636E: gse_init_client (gse.c:268) >==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) >==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) >==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) >==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) >==30762== Address 0x17259928 is 40 bytes inside a block of size 496 free'd >==30762== at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==30762== by 0x79462CA: gse_context_init (gse.c:238) >==30762== by 0x794636E: gse_init_client (gse.c:268) >==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) >==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) >==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) >==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) >==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537) >==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943) >==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741) >==30762== by 
0xBC85622: gensec_update_send (gensec.c:449) >==30762== by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997) >==30762== Block was alloc'd at >==30762== at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) >==30762== by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3) >==30762== by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597) >==30762== by 0x794615B: gse_context_init (gse.c:209) >==30762== by 0x794636E: gse_init_client (gse.c:268) >==30762== by 0x7947602: gensec_gse_client_start (gse.c:786) >==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743) >==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774) >==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633) >==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537) >==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943) >==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741) >==30762== > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344 >Signed-off-by: Noel Power <noel.power@suse.com> >Reviewed-by: Volker Lendecke <vl@samba.org> > >Autobuild-User(master): Noel Power <npower@samba.org> >Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184 > >(cherry picked from commit 34f8ab774d1484b0e60dbdec8ad2a1607ad92122) >--- > source3/librpc/crypto/gse.c | 4 ---- > 1 file changed, 4 deletions(-) > >diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c >index 6675f4dc597..1cf111bd974 100644 >--- a/source3/librpc/crypto/gse.c >+++ b/source3/librpc/crypto/gse.c >@@ -244,10 +244,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx, > return NT_STATUS_OK; > > err_out: >- if (gse_ctx->k5ctx) { >- krb5_free_context(gse_ctx->k5ctx); >- } >- > TALLOC_FREE(gse_ctx); > return status; > } >-- >2.16.4 >
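Review bot: At err_out, with the explicit krb5_free_context() removed, releasing gse_ctx->k5ctx depends entirely on the talloc destructor that TALLOC_FREE(gse_ctx) triggers, and the hunk does not show where that destructor is installed relative to the earlier goto err_out paths. Please confirm the destructor is set before any failure path that can run once k5ctx is initialised; otherwise those paths now leak the context instead of double-freeing it. The valgrind trace in the commit message shows gse_context_destructor (gse.c:84) calling krb5_free_context on the credential-cache failure path, so that path is covered. A one-line comment at err_out stating that the destructor owns k5ctx would keep a later change from reintroducing the explicit free.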
Flags: vl: review+