The Samba-Bugzilla – Attachment 17428 Details for
Bug 15124
rpcclient can crash using setuserinfo(2)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.16 and 4.15
0001-s3-rpcclient-Goto-done-in-cmd_samr_setuserinfo_int.patch (text/plain), 2.30 KB, created by
Andreas Schneider
on 2022-07-19 06:44:19 UTC
(
hide
)
Description:
patch for 4.16 and 4.15
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2022-07-19 06:44:19 UTC
Size:
2.30 KB
patch
obsolete
>From 0ac8f75834148016419ced716791758ac7b5b02e Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 19 Aug 2021 12:09:28 +0200 >Subject: [PATCH] s3:rpcclient: Goto done in cmd_samr_setuserinfo_int() > >We need to free the frame or we will run into: > smb_panic (why=0x7fa8c511aa88 "Frame not freed in order.") > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15124 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 2b32d932223e61935fc530eff1c05034ff817e21) >--- > source3/rpcclient/cmd_samr.c | 22 ++++++++++++++-------- > 1 file changed, 14 insertions(+), 8 deletions(-) > >diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c >index eb7f7fc8424..a048a4f935e 100644 >--- a/source3/rpcclient/cmd_samr.c >+++ b/source3/rpcclient/cmd_samr.c >@@ -3296,7 +3296,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, > > break; > default: >- return NT_STATUS_INVALID_INFO_CLASS; >+ status = NT_STATUS_INVALID_INFO_CLASS; >+ goto done; > } > > /* Get sam policy handle */ >@@ -3356,16 +3357,19 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, > &types, > &result); > if (!NT_STATUS_IS_OK(status)) { >- return status; >+ goto done; > } > if (!NT_STATUS_IS_OK(result)) { >- return result; >+ status = result; >+ goto done; > } > if (rids.count != 1) { >- return NT_STATUS_INVALID_NETWORK_RESPONSE; >+ status = NT_STATUS_INVALID_NETWORK_RESPONSE; >+ goto done; > } > if (types.count != 1) { >- return NT_STATUS_INVALID_NETWORK_RESPONSE; >+ status = NT_STATUS_INVALID_NETWORK_RESPONSE; >+ goto done; > } > > status = dcerpc_samr_OpenUser(b, frame, >@@ -3375,10 +3379,11 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, > &user_pol, > &result); > if (!NT_STATUS_IS_OK(status)) { >- return status; >+ goto done; > } > if (!NT_STATUS_IS_OK(result)) { >- return result; >+ status = result; >+ goto done; > } > } > >@@ -3398,7 +3403,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, > &result); > break; > default: >- return NT_STATUS_INVALID_PARAMETER; >+ status = NT_STATUS_INVALID_PARAMETER; >+ goto done; > } > if (!NT_STATUS_IS_OK(status)) { > DEBUG(0,("status: %s\n", nt_errstr(status))); >-- >2.37.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 15124
:
17426
| 17428