Bug 15205 - Since popt1.19 various use after free errors using result of poptGetArg are now exposed
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Reported: 2022-10-14 11:05 UTC by Noel Power
Modified: 2022-10-25 10:06 UTC

Attachments
patch for 4.17 (335 bytes, patch)
2022-10-18 12:20 UTC, Andreas Schneider
no flags
patch for 4.17 (485 bytes, patch)
2022-10-18 12:22 UTC, Andreas Schneider
no flags
patch for 4.17 (46.60 KB, patch)
2022-10-18 12:26 UTC, Andreas Schneider
pfilipensky: review+

Description Noel Power 2022-10-14 11:05:45 UTC
popt-1.19 fixes a leak which exposes any use of the result of poptGetArg that hasn't been copied after poptFreeContext. In other words, an existing bug in same code that previously wasn't triggered now happens when using popt-1.19.
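The ownership rule behind this report, shown as an added example that is not part of the original report and is not Samba or popt code. `mini_ctx`, `mini_new`, `mini_get_arg`, `mini_free` and `first_arg_copy` are hypothetical stand-ins for a parser context that releases the strings it returned when the context is freed, which is the behaviour the description attributes to popt-1.19; the input is constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in (not popt API): the context owns its argument strings. */
struct mini_ctx { char **args; int count; int next; };

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

static void mini_free(struct mini_ctx *c) {  /* frees every string it handed out */
    for (int i = 0; i < c->count; i++) free(c->args[i]);
    free(c->args);
    free(c);
}

static struct mini_ctx *mini_new(int argc, const char **argv) {
    struct mini_ctx *c = calloc(1, sizeof(*c));
    if (c != NULL) c->args = calloc((size_t)argc + 1, sizeof(*c->args));
    if (c == NULL || c->args == NULL) { free(c); return NULL; }
    for (; c->count < argc; c->count++) {
        c->args[c->count] = dup_str(argv[c->count]);
        if (c->args[c->count] == NULL) { mini_free(c); return NULL; }
    }
    return c;
}

/* Borrowed pointer: valid only until mini_free(). */
static const char *mini_get_arg(struct mini_ctx *c) {
    return c->next < c->count ? c->args[c->next++] : NULL;
}

/* Unsafe: p = mini_get_arg(c); mini_free(c); use(p);   <- p dangles
 * Safe:   copy while the context is alive, then free the context. */
char *first_arg_copy(int argc, const char **argv) {
    struct mini_ctx *c = mini_new(argc, argv);
    if (c == NULL) return NULL;
    const char *borrowed = mini_get_arg(c);
    char *owned = borrowed ? dup_str(borrowed) : NULL;
    mini_free(c);    /* borrowed is invalid from here on */
    return owned;    /* caller frees */
}

int main(void) {
    const char *argv[] = { "share.conf", "extra" };  /* constructed input */
    char *arg = first_arg_copy(2, argv);
    int rc = (arg != NULL && strcmp(arg, "share.conf") == 0) ? 0 : 1;
    free(arg);
    return rc;
}
```

Building the unsafe shape with `-fsanitize=address` reports the read after `mini_free()` as a heap-use-after-free, which is a quick way to audit callers for this pattern.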
Comment 1 Samba QA Contact 2022-10-14 13:39:03 UTC
This bug was referenced in samba master:

Comment 2 Samba QA Contact 2022-10-17 19:50:04 UTC
This bug was referenced in samba master:

19eb88bc53e481327bbd437b0c145d5765c6dcec
972127daddc7a32d23fb84d97102557035b06f5b
0326549a052c22e4929e3760fd5011c35e32fe33
Comment 3 Andreas Schneider 2022-10-18 12:20:08 UTC
Created attachment 17572
patch for 4.17
Comment 4 Andreas Schneider 2022-10-18 12:22:12 UTC
Created attachment 17573
patch for 4.17
Comment 5 Andreas Schneider 2022-10-18 12:26:14 UTC
Created attachment 17574
patch for 4.17
Comment 6 Pavel Filipenský 2022-10-18 12:52:52 UTC
The 4.17 patch looks good and builds on v4-17-test branch.
Comment 7 Noel Power 2022-10-18 13:10:03 UTC
Thanks for the patch Andreas, I hadn't forgotten, was just waiting for the follow to be merged and also we have an internal conference on here (so it's taking more time to get to tasks).

patch applies for 4.15, 4.16, 4.17

reassign to Jule for inclusion
Comment 8 Jule Anger 2022-10-18 14:15:01 UTC
Pushed to autobuild-v4-{17,16}-test.
4.15 is in security only mode.
Comment 9 Samba QA Contact 2022-10-18 14:29:20 UTC
This bug was referenced in samba v4-17-test:

Comment 10 Samba QA Contact 2022-10-19 09:46:03 UTC
This bug was referenced in samba v4-16-test:

Comment 11 Samba QA Contact 2022-10-19 12:26:42 UTC
This bug was referenced in samba v4-17-stable (Release samba-4.17.1):

Comment 12 Jule Anger 2022-10-25 10:06:59 UTC
Closing out bug report.

Thanks!