The branch, master has been updated via 978dc61... s4-selftest: don't consider spoolss failures to be an error in s4 via f1d9382... s4/smbstreams: Fix memory use after free. via bf7cc32... krb5: Fix leaked hx509_context pointer via 4653d05... tdr-test: Fix 'push_charset' test via 8efabcc... talloc: Fix write behind memory block from 105eb95... s4 quicktest: exclude raw-streams from quicktest until bug is fixed
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 978dc61b5682a9a3cc27474f22b94ea9745ad838 Author: Andrew Tridgell <tri...@samba.org> Date: Tue Dec 8 12:37:17 2009 +1100 s4-selftest: don't consider spoolss failures to be an error in s4 commit f1d9382b18fbf4b9428759cdeea3894b7871e236 Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com> Date: Sun Dec 6 01:59:42 2009 +0200 s4/smbstreams: Fix memory use after free. The bug is that sometimes 'streams' is parent for 'new_name'. With this said, 'new_name' must be dupped before 'streams' pointer is freed. Signed-off-by: Andrew Tridgell <tri...@samba.org> commit bf7cc3262e3cbd72a3603d3c648fccfe7ce9829f Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com> Date: Sun Dec 6 04:05:45 2009 +0200 krb5: Fix leaked hx509_context pointer Signed-off-by: Andrew Tridgell <tri...@samba.org> commit 4653d05fef15944e550fafe7c31961dbf007fd95 Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com> Date: Sun Dec 6 03:18:11 2009 +0200 tdr-test: Fix 'push_charset' test 4 bytes of 'bloe' string are pushed, so we should check only for the first 4 caracters Signed-off-by: Andrew Tridgell <tri...@samba.org> commit 8efabcc8a5dcd83deed8ef8e17826a1d347e6d83 Author: Kamen Mazdrashki <kamen.mazdras...@postpath.com> Date: Sat Dec 5 21:44:15 2009 +0200 talloc: Fix write behind memory block If ALWASY_REALLOC is defined and we are to 'shrink' memory block, memcpy() will write outside memory just allocated. Signed-off-by: Andrew Tridgell <tri...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/talloc/talloc.c | 2 +- lib/tdr/testsuite.c | 2 +- source4/heimdal/lib/krb5/context.c | 4 ++++ source4/ntvfs/posix/pvfs_streams.c | 12 ++++++++---- source4/selftest/knownfail | 2 +- 5 files changed, 15 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c index 7beda4b..f7b1ac3 100644 --- a/lib/talloc/talloc.c +++ b/lib/talloc/talloc.c @@ -1184,7 +1184,7 @@ void *_talloc_realloc(const void *context, void *ptr, size_t size, const char *n #if ALWAYS_REALLOC new_ptr = malloc(size + TC_HDR_SIZE); if (new_ptr) { - memcpy(new_ptr, tc, tc->size + TC_HDR_SIZE); + memcpy(new_ptr, tc, MIN(tc->size, size) + TC_HDR_SIZE); free(tc); } #else diff --git a/lib/tdr/testsuite.c b/lib/tdr/testsuite.c index 36bb164..ca76b52 100644 --- a/lib/tdr/testsuite.c +++ b/lib/tdr/testsuite.c @@ -154,7 +154,7 @@ static bool test_push_charset(struct torture_context *tctx) torture_assert_ntstatus_ok(tctx, tdr_push_charset(tdr, &l, 4, 1, CH_UTF8), "push failed"); torture_assert_int_equal(tctx, 4, tdr->data.length, "offset invalid"); - torture_assert(tctx, strcmp("bloe", (const char *)tdr->data.data) == 0, "right string push"); + torture_assert(tctx, strncmp("bloe", (const char *)tdr->data.data, 4) == 0, "right string push"); torture_assert_ntstatus_ok(tctx, tdr_push_charset(tdr, &l, -1, 1, CH_UTF8), "push failed"); diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 79e1000..12fc676 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -474,6 +474,10 @@ krb5_free_context(krb5_context context) krb5_set_ignore_addresses(context, NULL); krb5_set_send_to_kdc_func(context, NULL, NULL); +#ifdef PKINIT + hx509_context_free(&context->hx509ctx); +#endif + HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); diff --git a/source4/ntvfs/posix/pvfs_streams.c b/source4/ntvfs/posix/pvfs_streams.c index 4da9543..cacd8c1 100644 --- a/source4/ntvfs/posix/pvfs_streams.c +++ b/source4/ntvfs/posix/pvfs_streams.c @@ -304,11 +304,15 @@ NTSTATUS pvfs_stream_rename(struct pvfs_state *pvfs, struct pvfs_filename *name, } status = pvfs_streams_save(pvfs, name, fd, streams); - talloc_free(streams); - /* update the in-memory copy of the name of the open file */ - talloc_free(name->stream_name); - name->stream_name = talloc_strdup(name, new_name); + if (NT_STATUS_IS_OK(status)) { + + /* update the in-memory copy of the name of the open file */ + talloc_free(name->stream_name); + name->stream_name = talloc_strdup(name, new_name); + + talloc_free(streams); + } return status; } diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index 22fc4a1..9d52df1 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -41,7 +41,7 @@ rpc.netlogon.*.ServerGetTrustInfo rpc.netlogon.*.GetDomainInfo # Also fails against W2K8 (but in a different way) samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet samba4.rpc.samr.users.privileges -samba4.rpc.spoolss.printer # Not provided by Samba 4 yet +samba4.rpc.spoolss # Not provided by Samba 4 yet base.charset.*.Testing partial surrogate .*net.api.delshare.* # DelShare isn't implemented yet rap.*netservergetinfo -- Samba Shared Repository