16093 – temporary read of unrelated or non-existing memory in s3 dfs server

Bug 16093 - temporary read of unrelated or non-existing memory in s3 dfs server

Summary: temporary read of unrelated or non-existing memory in s3 dfs server

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	DCE-RPCs and pipes (show other bugs)
Version:	4.24.3
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Stefan Metzmacher
QA Contact:	Samba QA Contact

URL:	https://gitlab.com/samba-team/samba/-...
Keywords:

Depends on:
Blocks:

Reported:	2026-05-28 15:24 UTC by Stefan Metzmacher
Modified:	2026-05-28 15:38 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2026-05-28 15:24:48 UTC

_dfs_Add() uses a strange way to realloc the jn->referral_list array.

There's a temporary read of unrelated or non-existing memory,
but we directly overwrite the wrong initialized values again.

This was reported by Arjun Basnet with Securin Labs.