The Samba-Bugzilla – Attachment 16961 Details for
Bug 14893
winexe crashes since 4.15.0 after popt parsing
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch from master for v4-15-test
patch (text/plain), 1.75 KB, created by
Guenther Deschner
on 2021-11-05 12:58:25 UTC
(
hide
)
Description:
patch from master for v4-15-test
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2021-11-05 12:58:25 UTC
Size:
1.75 KB
patch
obsolete
>From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 4 Nov 2021 22:22:44 +0100 >Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free) >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893 > >Guenther > >Signed-off-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Günther Deschner <gd@samba.org> >Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184 > >(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218) >--- > examples/winexe/winexe.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > >diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c >index 3e0813a4091..59fb9dbdebb 100644 >--- a/examples/winexe/winexe.c >+++ b/examples/winexe/winexe.c >@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[], > *port_str = '\0'; > } > >- poptFreeContext(pc); >- > if (options->runas == NULL && options->runas_file != NULL) { > struct cli_credentials *runas_cred; > const char *user; >@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[], > > options->credentials = samba_cmdline_get_creds(); > >- options->hostname = argv_new[0] + 2; >+ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2); >+ if (options->hostname == NULL) { >+ DBG_ERR("Out of memory\n"); >+ exit(1); >+ } > options->port = port; >- options->cmd = argv_new[1]; >+ options->cmd = talloc_strdup(mem_ctx, argv_new[1]); >+ if (options->cmd == NULL) { >+ DBG_ERR("Out of memory\n"); >+ exit(1); >+ } >+ >+ poptFreeContext(pc); > > options->flags = flag_interactive; > if (flag_reinstall) { >-- >2.33.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=16961">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
asn
:
review+
gd
:
ci-passed+
Actions:
View
Attachments on
bug 14893
: 16961