The Samba-Bugzilla – Attachment 17710 Details for
Bug 15268
smbclient segfaults with use after free on an optimized build
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.16
smbclient-v4-16.patch (text/plain), 6.15 KB, created by
Andreas Schneider
on 2022-12-22 15:27:15 UTC
(
hide
)
Description:
patch for 4.16
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2022-12-22 15:27:15 UTC
Size:
6.15 KB
patch
obsolete
>From 7ab7765f1d7a772a632d0eef6da748884c32c92c Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 22 Apr 2022 15:34:08 +0200 >Subject: [PATCH 1/3] s3:tests: Reformat test_chdir_cache.sh > >shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >--- > source3/script/tests/test_chdir_cache.sh | 38 ++++++++++++++---------- > 1 file changed, 22 insertions(+), 16 deletions(-) > >diff --git a/source3/script/tests/test_chdir_cache.sh b/source3/script/tests/test_chdir_cache.sh >index 6287d17354a..ae244acdd58 100755 >--- a/source3/script/tests/test_chdir_cache.sh >+++ b/source3/script/tests/test_chdir_cache.sh >@@ -8,16 +8,21 @@ > # Copyright (C) 2021 Jeremy Allison > > if [ $# -lt 5 ]; then >- echo Usage: test_chdir_user.sh \ >- --configfile=SERVERCONFFILE SMBCLIENT SMBCONTROL SERVER SHARE >-exit 1 >+ echo Usage: test_chdir_user.sh \ >+ --configfile=SERVERCONFFILE SMBCLIENT SMBCONTROL SERVER SHARE >+ exit 1 > fi > >-CONF=$1; shift 1 >-SMBCLIENT=$1; shift 1 >-SMBCONTROL=$1; shift 1 >-SERVER=$1; shift 1 >-SHARE=$1; shift 1 >+CONF=$1 >+shift 1 >+SMBCLIENT=$1 >+shift 1 >+SMBCONTROL=$1 >+shift 1 >+SERVER=$1 >+shift 1 >+SHARE=$1 >+shift 1 > > # Do not let deprecated option warnings muck this up > SAMBA_DEPRECATED_SUPPRESS=1 >@@ -28,7 +33,7 @@ conf_dir=$(dirname ${SERVERCONFFILE}) > log_file=${conf_dir}/../smbd_test.log > > error_inject_conf=${conf_dir}/error_inject.conf >-> ${error_inject_conf} >+>${error_inject_conf} > > incdir=$(dirname $0)/../../../testprogs/blackbox > . $incdir/subunit.sh >@@ -40,15 +45,16 @@ cd $SELFTEST_TMPDIR || exit 1 > rm -f smbclient-stdin smbclient-stdout smbclient-stderr > mkfifo smbclient-stdin smbclient-stdout smbclient-stderr > >-CLI_FORCE_INTERACTIVE=1; export CLI_FORCE_INTERACTIVE >+CLI_FORCE_INTERACTIVE=1 >+export CLI_FORCE_INTERACTIVE > > ${SMBCLIENT} //${SERVER}/${SHARE} ${CONF} -U${USER}%${PASSWORD} \ >- < smbclient-stdin > smbclient-stdout 2>smbclient-stderr & >+ <smbclient-stdin >smbclient-stdout 2>smbclient-stderr & > CLIENT_PID=$! > > # Count the number of chdir_current_service: vfs_ChDir.*failed: Permission denied > # errors that are already in the log (should be zero). >-num_errs=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l` >+num_errs=$(grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l) > > sleep 1 > >@@ -73,7 +79,7 @@ echo "tcon ${SHARE}" >&100 > head -n 4 <&101 > > # Ensure any chdir will give EACCESS. >-echo "error_inject:chdir = EACCES" > ${error_inject_conf} >+echo "error_inject:chdir = EACCES" >${error_inject_conf} > ${SMBCONTROL} ${CONF} 0 reload-config > > sleep 1 >@@ -88,15 +94,15 @@ kill ${CLIENT_PID} > rm -f smbclient-stdin smbclient-stdout smbclient-stderr > > # Remove the chdir inject. >-> ${error_inject_conf} >+>${error_inject_conf} > ${SMBCONTROL} ${CONF} 0 reload-config > > # Now look for chdir_current_service: vfs_ChDir.*failed: Permission denied > # in the smb log. There should be one more than before. > >-num_errs1=`grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l` >+num_errs1=$(grep "chdir_current_service: vfs_ChDir.*failed: Permission denied" ${log_file} | wc -l) > > testit "Verify we got at least one chdir error" \ >- test $num_errs1 -gt $num_errs || failed=$(expr $failed + 1) >+ test $num_errs1 -gt $num_errs || failed=$(expr $failed + 1) > > testok $0 $failed >-- >2.39.0 > > >From 00dc2d5fa104406bbbbdcb615804d2c092195439 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 22 Dec 2022 10:36:02 +0100 >Subject: [PATCH 2/3] s3:script: Improve test_chdir_cache.sh > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 0d1961267cd9e8f1158a407c5d135514c363f37e) >--- > source3/script/tests/test_chdir_cache.sh | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > >diff --git a/source3/script/tests/test_chdir_cache.sh b/source3/script/tests/test_chdir_cache.sh >index ae244acdd58..c649d2b07b3 100755 >--- a/source3/script/tests/test_chdir_cache.sh >+++ b/source3/script/tests/test_chdir_cache.sh >@@ -33,7 +33,7 @@ conf_dir=$(dirname ${SERVERCONFFILE}) > log_file=${conf_dir}/../smbd_test.log > > error_inject_conf=${conf_dir}/error_inject.conf >->${error_inject_conf} >+rm -f ${error_inject_conf} > > incdir=$(dirname $0)/../../../testprogs/blackbox > . $incdir/subunit.sh >@@ -80,7 +80,9 @@ head -n 4 <&101 > > # Ensure any chdir will give EACCESS. > echo "error_inject:chdir = EACCES" >${error_inject_conf} >-${SMBCONTROL} ${CONF} 0 reload-config >+testit "reload config 1" \ >+ "${SMBCONTROL}" "${CONF}" smbd reload-config || >+ failed=$((failed + 1)) > > sleep 1 > >@@ -94,8 +96,10 @@ kill ${CLIENT_PID} > rm -f smbclient-stdin smbclient-stdout smbclient-stderr > > # Remove the chdir inject. >->${error_inject_conf} >-${SMBCONTROL} ${CONF} 0 reload-config >+rm -f ${error_inject_conf} >+testit "reload config 2" \ >+ "${SMBCONTROL}" "${CONF}" smbd reload-config || >+ failed=$((failed + 1)) > > # Now look for chdir_current_service: vfs_ChDir.*failed: Permission denied > # in the smb log. There should be one more than before. >-- >2.39.0 > > >From e9da0d776ca2f94142e8658f96e31dbdabddf466 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 22 Dec 2022 10:31:11 +0100 >Subject: [PATCH 3/3] s3:client: Fix a use-after-free issue in smbclient > >Detected by > > make test TESTS="samba3.blackbox.chdir-cache" > >with an optimized build or with AddressSanitizer. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 9c707b4be27e2a6f79886d3ec8b5066c922b99bd) >--- > source3/client/client.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/source3/client/client.c b/source3/client/client.c >index 69b7c9022c2..607be92bba3 100644 >--- a/source3/client/client.c >+++ b/source3/client/client.c >@@ -5126,10 +5126,11 @@ static int cmd_tcon(void) > return -1; > } > >- talloc_free(sharename); >- > d_printf("tcon to %s successful, tid: %u\n", sharename, > cli_state_get_tid(cli)); >+ >+ talloc_free(sharename); >+ > return 0; > } > >-- >2.39.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 15268
:
17709
| 17710