From deab40a10856f5d1461c795f06c4f0a3fdc12fc1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 15 Jan 2010 17:45:21 -0800
Subject: [PATCH] Fix bug 7045 - Bad (non memory copying) interfaces in smbc_setXXXX calls.

In smbc_free_context libsmbclient just called free() on the string options so it assumes the callers have malloced them before setting them via smbc_set calls. Change to correctly malloc/free string options to the library. Protect against SMB_STRDUP of null. Contains 2d41b1ab78639abe4ae030ff482573f464564dd7 and f85b6ee90b88c7f7b2a92c8a5f3e2ebe59c1087b from master. Jeremy
---
 source3/libsmb/libsmb_context.c | 26 +++++++++++++++++++-------
 source3/libsmb/libsmb_setget.c | 15 ++++++++++++---
 2 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index 78c9a55..336172c 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -291,13 +291,8 @@ smbc_free_context(SMBCCTX *context,
 }
 /* Things we have to clean up */
- free(smbc_getWorkgroup(context));
 smbc_setWorkgroup(context, NULL);
-
- free(smbc_getNetbiosName(context));
 smbc_setNetbiosName(context, NULL);
-
- free(smbc_getUser(context));
 smbc_setUser(context, NULL);
 DEBUG(3, ("Context %p successfully freed\n", context));
@@ -533,7 +528,6 @@ SMBCCTX *
 smbc_init_context(SMBCCTX *context)
 {
 int pid;
- char *user = NULL;
 if (!context) {
 errno = EBADF;
@@ -569,7 +563,7 @@ smbc_init_context(SMBCCTX *context)
 /*
 * FIXME: Is this the best way to get the user info?
 */
- user = getenv("USER");
+ char *user = getenv("USER");
 /* walk around as "guest" if no username can be found */
 if (!user) {
 user = SMB_STRDUP("guest");
@@ -583,6 +577,12 @@ smbc_init_context(SMBCCTX *context)
 }
 smbc_setUser(context, user);
+ SAFE_FREE(user);
+
+ if (!smbc_getUser(context)) {
+ errno = ENOMEM;
+ return NULL;
+ }
 }
 if (!smbc_getNetbiosName(context)) {
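Review bot: The cleanup in smbc_free_context (hunk `@@ -291,13 +291,8 @@`) now depends on each `smbc_setXXX(context, NULL)` call releasing the stored string, and nothing at the call site says so. I would add `/* Each setter frees the library's own copy when passed NULL */` under the existing "Things we have to clean up" comment. The sequence removed here, `free(smbc_getX(context)); smbc_setX(context, NULL);`, becomes a double free under the new setters, so the setters' public documentation should state that the library copies the string and the caller keeps ownership of its argument. The function body starts and ends outside this hunk.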
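Review bot: `SAFE_FREE(user)` in the `@@ -583,6 +577,12 @@` hunk is only valid if `user` is heap-allocated on every path that reaches it, and the `getenv("USER")` result assigned in the previous hunk is not. The lines between the two hunks are not shown, so confirm that the non-NULL branch reassigns `user = SMB_STRDUP(user);` before this point; handing environment storage to free() would be undefined behaviour. The same check applies to `SAFE_FREE(netbios_name)` and `SAFE_FREE(workgroup)` in the two following hunks of smbc_init_context. A comment such as `/* user is always our own strdup'd copy here */` above the free would record the invariant.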
@@ -615,6 +615,12 @@ smbc_init_context(SMBCCTX *context)
 }
 smbc_setNetbiosName(context, netbios_name);
+ SAFE_FREE(netbios_name);
+
+ if (!smbc_getNetbiosName(context)) {
+ errno = ENOMEM;
+ return NULL;
+ }
 }
 DEBUG(1, ("Using netbios name %s.\n", smbc_getNetbiosName(context)));
@@ -636,6 +642,12 @@ smbc_init_context(SMBCCTX *context)
 }
 smbc_setWorkgroup(context, workgroup);
+ SAFE_FREE(workgroup);
+
+ if (!smbc_getWorkgroup(context)) {
+ errno = ENOMEM;
+ return NULL;
+ }
 }
 DEBUG(1, ("Using workgroup %s.\n", smbc_getWorkgroup(context)));
diff --git a/source3/libsmb/libsmb_setget.c b/source3/libsmb/libsmb_setget.c
index 3493e4f..7113c62 100644
--- a/source3/libsmb/libsmb_setget.c
+++ b/source3/libsmb/libsmb_setget.c
@@ -39,7 +39,10 @@ smbc_getNetbiosName(SMBCCTX *c)
 void
 smbc_setNetbiosName(SMBCCTX *c, char * netbios_name)
 {
- c->netbios_name = netbios_name;
+ SAFE_FREE(c->netbios_name);
+ if (netbios_name) {
+ c->netbios_name = SMB_STRDUP(netbios_name);
+ }
 }
 /** Get the workgroup used for making connections */
@@ -53,7 +56,10 @@ smbc_getWorkgroup(SMBCCTX *c)
 void
 smbc_setWorkgroup(SMBCCTX *c, char * workgroup)
 {
- c->workgroup = workgroup;
+ SAFE_FREE(c->workgroup);
+ if (workgroup) {
+ c->workgroup = SMB_STRDUP(workgroup);
+ }
 }
 /** Get the username used for making connections */
@@ -67,7 +73,10 @@ smbc_getUser(SMBCCTX *c)
 void
 smbc_setUser(SMBCCTX *c, char * user)
 {
- c->user = user;
+ SAFE_FREE(c->user);
+ if (user) {
+ c->user = SMB_STRDUP(user);
+ }
 }
 /** Get the debug level */
--
1.6.5.3
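Review bot: smbc_setNetbiosName (hunk `@@ -39,7 +39,10 @@`) frees `c->netbios_name` before it duplicates the argument, so a call that passes the pointer returned by smbc_getNetbiosName, or any pointer into the stored string, makes SMB_STRDUP read freed memory. Duplicate first, then release and assign: `char *copy = netbios_name ? SMB_STRDUP(netbios_name) : NULL;`, `SAFE_FREE(c->netbios_name);`, `c->netbios_name = copy;`. smbc_setWorkgroup and smbc_setUser in the next two hunks use the same free-then-copy order and need the same change. Because the setters return void, a failed allocation is visible only as a NULL from the matching getter afterwards, which deserves a sentence in their doc comments.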