The Samba-Bugzilla – Attachment 9916 Details for
Bug 10596
When winbind client fails to open a private pipe to winbindd, it may crash
[patch]
Proposed patch for master
0001-wbclient-ensure-response-struct-is-initialized.patch (text/plain), 1.92 KB, created by
Alexander Bokovoy
on 2014-05-07 08:13:00 UTC
>From e37371227045112dfe4081159253675ae509d275 Mon Sep 17 00:00:00 2001 >From: Alexander Bokovoy <ab@samba.org> >Date: Wed, 7 May 2014 11:00:46 +0300 >Subject: [PATCH] wbclient: ensure response struct is initialized > >Prior to asking for a winbindd private pipe we need to initialize >response structure to deal with a possible response failure. > >winbind_open_pipe_sock() issues two winbindd requests: > - asks for interface version > - asks for a private pipe > >The first call returns interface version in a response structure (which >is a union). The second call might fail -- in this case response >structure will not be initialized or filled in with any information. > >As result, if the second call failed, response structure will have data >from an interface string interpreted as a pointer to a string during >SAFE_FREE() at the end of the winbind_open_pipe_sock(). > >To avoid that, ensure response struct is initialized before asking for >a private pipe. > >https://bugzilla.samba.org/show_bug.cgi?id=10596 > >Signed-off-by: Alexander Bokovoy <ab@samba.org> >--- > nsswitch/wb_common.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c >index f4a31a9..b34ab33 100644 >--- a/nsswitch/wb_common.c >+++ b/nsswitch/wb_common.c 
>@@ -374,6 +374,13 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) > /* try and get priv pipe */ > > request.wb_flags = WBFLAG_RECURSE; >+ >+ /* Note that response needs to be initialized to avoid >+ * crashing on clean up after WINBINDD_PRIV_PIPE_DIR call failed >+ * as interface version (from the first request) returned as a fstring, >+ * thus response.extra_data.data will not be NULL even though >+ * winbindd response did not write over it due to a failure */ >+ ZERO_STRUCT(response); > if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) { > int fd; > if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) { >-- >1.9.0 >
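Review bot: in the success branch of winbind_open_pipe_sock(), response.extra_data.data is cast to char * and passed to winbind_named_pipe_sock() with no NULL check. With the added ZERO_STRUCT(response), a reply that returns NSS_STATUS_SUCCESS but carries no extra data now leaves that pointer NULL rather than stale, so unless winbind_named_pipe_sock() is known to tolerate NULL, a guard such as "if (response.extra_data.data != NULL && (fd = winbind_named_pipe_sock(...)) != -1)" would close the remaining gap. The new comment is also a single long sentence that is hard to parse; splitting it into two (the first request returns the interface version as an fstring in the same union; if the WINBINDD_PRIV_PIPE_DIR call fails, extra_data.data is therefore non-NULL and gets freed on cleanup) would make the reason for the zeroing clearer to the next reader.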