Bug 8920 - Avoid null dereference in initialize_password_db()
Summary: Avoid null dereference in initialize_password_db()
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: User & Group Accounts (show other bugs)
Version: 3.6.5
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-08 20:09 UTC by Debian samba package maintainers (PUBLIC MAILING LIST)
Modified: 2023-07-07 01:44 UTC (History)
1 user (show)

See Also:


Attachments
Patch used in Debian and Ubuntu (1.03 KB, patch)
2012-05-08 20:09 UTC, Debian samba package maintainers (PUBLIC MAILING LIST)
no flags Details
fix (1.40 KB, patch)
2012-05-09 12:27 UTC, Volker Lendecke
obnox: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Debian samba package maintainers (PUBLIC MAILING LIST) 2012-05-08 20:09:17 UTC
When initialize_password_db() is called with reload=True, it's assumed that
 the free_private_data member of pdb_methods is non-null.  This is not
 necessarily the case, as the tdb backend has no private data and therefore
 no free function.  Check to see if we have private data that needs freed
 before calling.

(this text originally written by Steve Langasek)
Comment 1 Debian samba package maintainers (PUBLIC MAILING LIST) 2012-05-08 20:09:54 UTC
Created attachment 7533 [details]
Patch used in Debian and Ubuntu
Comment 2 Volker Lendecke 2012-05-09 05:57:40 UTC
I would use a different patch. In the if clause I would check for free_private_data instead of private_data because that is what we dereference. Would that work for you as well?
Comment 3 Steve Langasek 2012-05-09 07:36:12 UTC
The two checks seem to be equivalent, yes.  It fits my mental model better to think about whether there's any data to be freed, rather than whether there's a method to do the freeing, but I think both ways will fix the bug. :)
Comment 4 Volker Lendecke 2012-05-09 12:27:12 UTC
Created attachment 7539 [details]
fix

that's what I am about to push to master, ok?
Comment 5 Debian samba package maintainers (PUBLIC MAILING LIST) 2012-05-09 12:46:04 UTC
Seems OK for me and I guess STeve will be OK too.

Could that be a candidate for 3.6.6 and therefore save us one patch in debian/patches?
Comment 6 Michael Adam 2012-05-09 12:53:24 UTC
Comment on attachment 7539 [details]
fix

ACK
Comment 7 Volker Lendecke 2012-05-09 12:54:20 UTC
Done.
Comment 8 Karolin Seeger 2012-05-10 09:01:40 UTC
Pushed patch to v3-6-test.
Will be included in the next bugfix release.
Closing out bug report.

Thanks!