The branch, master has been updated
       via  9c507e98f03 libcli:security: Return early if there are no aces to 
duplicate
       via  e7a8e4e6433 libcli:security: Do not duplicate invalid aces
       via  eabe6d534c5 lib:talloc: Fix undefined behavior in talloc_memdup
      from  a80fee5054d s4:torture/smb2/session: Fix expire tests

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9c507e98f03eabe59df774a9a5f51411fc23d4e5
Author: Andreas Schneider <[email protected]>
Date:   Wed Dec 12 10:21:25 2018 +0100

    libcli:security: Return early if there are no aces to duplicate
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>
    
    Autobuild-User(master): Andreas Schneider <[email protected]>
    Autobuild-Date(master): Wed Dec 12 22:18:52 CET 2018 on sn-devel-144

commit e7a8e4e6433bf26f6eac46e6a5f65f421a8981bb
Author: Andreas Schneider <[email protected]>
Date:   Wed Dec 12 10:08:53 2018 +0100

    libcli:security: Do not duplicate invalid aces
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit eabe6d534c5c8c6ca38f3dc846f17aad6395da8c
Author: Andreas Schneider <[email protected]>
Date:   Thu Nov 22 16:10:39 2018 +0100

    lib:talloc: Fix undefined behavior in talloc_memdup
    
    lib/talloc/talloc.c:2419: runtime error: null pointer passed as argument
    2, which is declared to never be null
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/talloc/talloc.c                   |  9 +++++++--
 libcli/security/security_descriptor.c | 19 ++++++++++++++-----
 2 files changed, 21 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
index 54be63495ae..073a3e50d4b 100644
--- a/lib/talloc/talloc.c
+++ b/lib/talloc/talloc.c
@@ -2413,9 +2413,14 @@ _PUBLIC_ void *_talloc_zero(const void *ctx, size_t 
size, const char *name)
 */
 _PUBLIC_ void *_talloc_memdup(const void *t, const void *p, size_t size, const 
char *name)
 {
-       void *newp = _talloc_named_const(t, size, name);
+       void *newp = NULL;
 
-       if (likely(newp)) {
+       if (likely(size > 0) && unlikely(p == NULL)) {
+               return NULL;
+       }
+
+       newp = _talloc_named_const(t, size, name);
+       if (likely(newp != NULL) && likely(size > 0)) {
                memcpy(newp, p, size);
        }
 
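Review bot: The early return added at the top of `_talloc_memdup` makes a NULL source with a non-zero size look exactly like an allocation failure, and nothing in the hunk documents that. A caller that treats NULL as out-of-memory will misreport what is really its own bug. The comment block that closes just above the signature should state the contract, for example `Returns NULL if p is NULL while size > 0, or if the allocation fails; when size is 0 the copy is skipped and p is not read.` A short comment on the guard itself, such as `/* memcpy() requires a non-NULL source; reject instead of invoking UB */`, would record why it exists. The function body continues past the end of the hunk.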
diff --git a/libcli/security/security_descriptor.c 
b/libcli/security/security_descriptor.c
index 0a2bb952b0e..7b7a13d421d 100644
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -58,20 +58,29 @@ struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
+       if (oacl->aces == NULL && oacl->num_aces > 0) {
+               return NULL;
+       }
+
        nacl = talloc (mem_ctx, struct security_acl);
        if (nacl == NULL) {
                return NULL;
        }
 
+       *nacl = (struct security_acl) {
+               .revision = oacl->revision,
+               .size     = oacl->size,
+               .num_aces = oacl->num_aces,
+       };
+       if (nacl->num_aces == 0) {
+               return nacl;
+       }
+
        nacl->aces = (struct security_ace *)talloc_memdup (nacl, oacl->aces, 
sizeof(struct security_ace) * oacl->num_aces);
-       if ((nacl->aces == NULL) && (oacl->num_aces > 0)) {
+       if (nacl->aces == NULL) {
                goto failed;
        }
 
-       nacl->revision = oacl->revision;
-       nacl->size = oacl->size;
-       nacl->num_aces = oacl->num_aces;
-       
        return nacl;
 
  failed:
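Review bot: The size passed to `talloc_memdup` in `security_acl_dup` is still the unchecked product `sizeof(struct security_ace) * oacl->num_aces`. The type of `num_aces` is not visible here, but if it is a 32-bit count then on a platform with a 32-bit `size_t` the product can wrap. The copy would then be shorter than the `num_aces` stored in `nacl`, so later loops over the ACL could read past the array. A guard placed next to the new `oacl->aces == NULL` check would reject that case before anything is allocated: `if (oacl->num_aces > SIZE_MAX / sizeof(struct security_ace)) { return NULL; }`. This may already be ruled out if every producer of a `security_acl` bounds `num_aces`, which cannot be confirmed from this hunk. The `failed:` cleanup path lies outside it.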


-- 
Samba Shared Repository
