From ac869bde1b2fa6d94e4462c17e02add6dfd2b45f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 1 Apr 2014 17:03:34 +1300
Subject: [PATCH] libsmbclient: Wrap more function calls in talloc_stackframe() to protect against talloc_tos() calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8449
Change-Id: I338aead708f1f42649dcfb37d4385924bb3485ea
Signed-off-by: Andrew Bartlett
---
 source3/libsmb/libsmb_context.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index c2b88f5..77658ec 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -560,6 +560,7 @@ SMBCCTX *
 smbc_init_context(SMBCCTX *context)
 {
 int pid;
+ TALLOC_CTX *frame;
 if (!context) {
 errno = EBADF;
@@ -571,12 +572,15 @@ smbc_init_context(SMBCCTX *context)
 return NULL;
 }
+ frame = talloc_stackframe();
+
 if ((!smbc_getFunctionAuthData(context) && !smbc_getFunctionAuthDataWithContext(context)) || smbc_getDebug(context) < 0 || smbc_getDebug(context) > 100) {
 errno = EINVAL;
+ TALLOC_FREE(frame);
 return NULL;
 }
@@ -595,6 +599,7 @@ smbc_init_context(SMBCCTX *context)
 if (!user) {
 errno = ENOMEM;
+ TALLOC_FREE(frame);
 return NULL;
 }
@@ -603,6 +608,7 @@ smbc_init_context(SMBCCTX *context)
 if (!smbc_getUser(context)) {
 errno = ENOMEM;
+ TALLOC_FREE(frame);
 return NULL;
 }
 }
@@ -625,6 +631,7 @@ smbc_init_context(SMBCCTX *context)
 netbios_name = (char *)SMB_MALLOC(17);
 if (!netbios_name) {
 errno = ENOMEM;
+ TALLOC_FREE(frame);
 return NULL;
 }
 slprintf(netbios_name, 16,
@@ -633,6 +640,7 @@ smbc_init_context(SMBCCTX *context)
 if (!netbios_name) {
 errno = ENOMEM;
+ TALLOC_FREE(frame);
 return NULL;
 }
@@ -641,6 +649,7 @@ smbc_init_context(SMBCCTX *context)
 if (!smbc_getNetbiosName(context)) {
 errno = ENOMEM;
+ TALLOC_FREE(frame);
 return NULL;
 }
 }
@@ -660,6 +669,7 @@ smbc_init_context(SMBCCTX *context)
 if (!workgroup) {
 errno = ENOMEM;
+ TALLOC_FREE(frame);
 return NULL;
 }
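Review bot: In the `@@ -571,12 +572,15 @@` hunk the failure path assigns `errno = EINVAL;` and only then runs `TALLOC_FREE(frame);`, so the frame teardown executes between setting the error code and returning to the caller, and whatever it invokes (talloc destructors, or free() on a libc that does not preserve errno) may overwrite the value the caller is meant to read. Freeing first keeps the reported code intact: `TALLOC_FREE(frame); errno = EINVAL; return NULL;`. The same ordering appears on the ENOMEM exits in the hunks at -595, -603, -625, -633, -641, -660 and -668. smbc_init_context starts before and ends after this hunk.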
@@ -668,6 +678,7 @@ smbc_init_context(SMBCCTX *context)
 if (!smbc_getWorkgroup(context)) {
 errno = ENOMEM;
+ TALLOC_FREE(frame);
 return NULL;
 }
 }
@@ -692,6 +703,7 @@ smbc_init_context(SMBCCTX *context)
 smb_panic("error unlocking 'initialized_ctx_count'");
 }
+ TALLOC_FREE(frame);
 return context;
 }
@@ -727,12 +739,15 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context,
 smbc_bool use_kerberos = false;
 const char *signing_state = "off";
 struct user_auth_info *auth_info = NULL;
+ TALLOC_CTX *frame;
 if (! context) {
 return;
 }
+ frame = talloc_stackframe();
+
 if (! workgroup || ! *workgroup) {
 workgroup = smbc_getWorkgroup(context);
 }
@@ -749,6 +764,7 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context,
 if (! auth_info) {
 DEBUG(0, ("smbc_set_credentials_with_fallback: allocation fail\n"));
+ TALLOC_FREE(frame);
 return;
 }
@@ -777,4 +793,5 @@ void smbc_set_credentials_with_fallback(SMBCCTX *context,
 TALLOC_FREE(context->internal->auth_info);
 context->internal->auth_info = auth_info;
+ TALLOC_FREE(frame);
 }
--
1.9.1
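Review bot: The success return in the `@@ -692,6 +703,7 @@` hunk is the ninth place where smbc_init_context releases the frame by hand (eight error returns in the earlier hunks plus this one), and that pairing is easy to break: a return added later between `frame = talloc_stackframe();` and this line would presumably leave a stale frame on the talloc stack. A single exit label would keep creation and release matched in one spot, with the error paths reduced to `ret = ENOMEM; goto fail;` and the function ending in `fail: TALLOC_FREE(frame); errno = ret; return NULL;`. The function body starts before this hunk, and the lines between the hunks are not shown, so any other return there needs the same treatment.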
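Review bot: In the `@@ -727,12 +739,15 @@` hunk `frame` is created, and in the following hunks freed, but it is never passed to any allocation in the lines shown, so its purpose cannot be read from the code; going by the commit subject it exists so that talloc_tos() calls made by callees find a stackframe. A comment above `frame = talloc_stackframe();` would keep a later cleanup from deleting it as an unused variable, for example `/* Not used directly: gives talloc_tos() in the functions called below a frame to allocate from. */`. The same comment fits the identical line added to smbc_init_context in the `@@ -571,12 +572,15 @@` hunk. The body of smbc_set_credentials_with_fallback continues between this hunk and the next two, so any return in the lines not shown would also need `TALLOC_FREE(frame);`.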