Bug 13818 - An out of scope usage of a stack variable may cause corruption in EnumPrinter*
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Printing
Version: 4.10.0rc3
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2019-03-01 14:58 UTC by Stefan Metzmacher
Modified: 2021-02-11 14:24 UTC

Attachments
Patch for v4-10-test (1.60 KB, patch)
2019-03-19 10:41 UTC, Stefan Metzmacher
bjacke: review+
gd: review+
Patch for v4-9-test (1.60 KB, patch)
2019-03-19 10:41 UTC, Stefan Metzmacher
bjacke: review+
gd: review+
Patch for v4-8-test (1.60 KB, patch)
2019-03-19 10:42 UTC, Stefan Metzmacher
bjacke: review+
gd: review+

Description Stefan Metzmacher 2019-03-01 14:58:58 UTC
I saw _data_blob_info being overwritten in NDR_SPOOLSS_PUSH_ENUM_OUT
before ndr_push__##fn

        if (r->in.buffer) {\
                DATA_BLOB _data_blob_info; \
                ...
                _data_blob_info = ndr_push_blob(_ndr_info);\
                _r.out.info     = &_data_blob_info;\
        }\
        NDR_CHECK(ndr_push__##fn(ndr, flags, &_r));\
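
The lifetime problem in the macro excerpt above, reduced to a stand-alone C sketch (added example, not Samba code and not the attached patch): a variable declared inside the if block is still referenced through a pointer after the block ends, so the compiler is free to reuse its stack slot. The types and function names are hypothetical stand-ins, and hoisting the declaration is one way to fix the lifetime, assumed here because the page does not show the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for DATA_BLOB and the reply struct; not Samba's types. */
struct blob { const uint8_t *data; size_t length; };
struct reply { struct blob *info; };

/* Stand-in for ndr_push__##fn: reads r->info after the if block has ended. */
static size_t push_reply(const struct reply *r, uint8_t *out, size_t cap)
{
	if (r->info == NULL || r->info->length > cap) {
		return 0;
	}
	memcpy(out, r->info->data, r->info->length);
	return r->info->length;
}

#ifdef DEMO_BROKEN
/* Same shape as the macro in the report: the blob's lifetime ends at the
 * closing brace, but r.info still points at its stack slot. */
static size_t enum_out_broken(const uint8_t *buf, size_t len,
			      uint8_t *out, size_t cap)
{
	struct reply r = { NULL };
	if (buf != NULL) {
		struct blob info;
		info.data = buf;
		info.length = len;
		r.info = &info;
	}
	return push_reply(&r, out, cap); /* undefined: info is out of scope */
}
#endif

/* Lifetime fix: declare the blob in the scope that also holds its consumer. */
static size_t enum_out_fixed(const uint8_t *buf, size_t len,
			     uint8_t *out, size_t cap)
{
	struct reply r = { NULL };
	struct blob info = { NULL, 0 };
	if (buf != NULL) {
		info.data = buf;
		info.length = len;
		r.info = &info;
	}
	return push_reply(&r, out, cap);
}
```

Building with -DDEMO_BROKEN and -fsanitize=address and calling enum_out_broken makes AddressSanitizer report a stack-use-after-scope at the read in push_reply.
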
Comment 1 Stefan Metzmacher 2019-03-01 15:58:09 UTC
See https://gitlab.com/samba-team/samba/merge_requests/267
Comment 2 Björn Jacke 2019-03-04 14:36:10 UTC
Got positive feedback that this fixes spoolss on a FreeBSD built with clang.
Comment 3 Stefan Metzmacher 2019-03-19 10:41:18 UTC
Created attachment 14943
Patch for v4-10-test
Comment 4 Stefan Metzmacher 2019-03-19 10:41:53 UTC
Created attachment 14944
Patch for v4-9-test
Comment 5 Stefan Metzmacher 2019-03-19 10:42:28 UTC
Created attachment 14945
Patch for v4-8-test
Comment 6 Guenther Deschner 2019-03-19 11:02:21 UTC
Comment on attachment 14943
Patch for v4-10-test

LGTM
Comment 7 Guenther Deschner 2019-03-19 11:02:27 UTC
Comment on attachment 14944
Patch for v4-9-test

LGTM
Comment 8 Guenther Deschner 2019-03-19 11:02:33 UTC
Comment on attachment 14945
Patch for v4-8-test

LGTM
Comment 9 Karolin Seeger 2019-03-21 12:15:18 UTC
Pushed to autobuild-v4-{10,9,8}-test.
Comment 10 Karolin Seeger 2019-03-28 08:09:06 UTC
(In reply to Karolin Seeger from comment #9)
Pushed to all branches.
Closing out bug report.

Thanks!