The branch, master has been updated
via 00bab5b3c82 smbXsrv_{open,session,tcon}: protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records
from 7c3bb491baf testprogs: Consistantly use kinit -c $KRB5CCNAME
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 00bab5b3c821f272153a25ded9743460887a7907
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Jul 5 17:17:30 2021 +0200
smbXsrv_{open,session,tcon}: protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records
I saw systems with locking.tdb records being part of:
ctdb catdb smbXsrv_tcon_global.tdb
It's yet unknown how that happened, but we should not panic in srvsvc_*
calls because the info0 pointer was NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14752
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Tue Jul 6 11:08:43 UTC 2021 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smbXsrv_open.c | 9 +++++++++
source3/smbd/smbXsrv_session.c | 7 +++++++
source3/smbd/smbXsrv_tcon.c | 7 +++++++
3 files changed, 23 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smbXsrv_open.c b/source3/smbd/smbXsrv_open.c
index b6ea51a5f66..2b9e52ed2af 100644
--- a/source3/smbd/smbXsrv_open.c
+++ b/source3/smbd/smbXsrv_open.c
@@ -1645,6 +1645,15 @@ static NTSTATUS
smbXsrv_open_global_parse_record(TALLOC_CTX *mem_ctx,
goto done;
}
+ if (global_blob.info.info0 == NULL) {
+ status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ DEBUG(1,("Invalid record in smbXsrv_tcon_global.tdb:"
+ "key '%s' info0 NULL pointer - %s\n",
+ hex_encode_talloc(frame, key.dptr, key.dsize),
+ nt_errstr(status)));
+ goto done;
+ }
+
*global = talloc_move(mem_ctx, &global_blob.info.info0);
status = NT_STATUS_OK;
done:
diff --git a/source3/smbd/smbXsrv_session.c b/source3/smbd/smbXsrv_session.c
index 0a4827519d1..eafee5dac72 100644
--- a/source3/smbd/smbXsrv_session.c
+++ b/source3/smbd/smbXsrv_session.c
@@ -2425,6 +2425,13 @@ static int smbXsrv_session_global_traverse_fn(struct
db_record *rec, void *data)
goto done;
}
+ if (global_blob.info.info0 == NULL) {
+ DEBUG(1,("Invalid record in smbXsrv_tcon_global.tdb:"
+ "key '%s' info0 NULL pointer\n",
+ hex_encode_talloc(frame, key.dptr, key.dsize)));
+ goto done;
+ }
+
global_blob.info.info0->db_rec = rec;
ret = state->fn(global_blob.info.info0, state->private_data);
done:
diff --git a/source3/smbd/smbXsrv_tcon.c b/source3/smbd/smbXsrv_tcon.c
index 938eb7ab162..6b105522855 100644
--- a/source3/smbd/smbXsrv_tcon.c
+++ b/source3/smbd/smbXsrv_tcon.c
@@ -1209,6 +1209,13 @@ static int smbXsrv_tcon_global_traverse_fn(struct
db_record *rec, void *data)
goto done;
}
+ if (global_blob.info.info0 == NULL) {
+ DEBUG(1,("Invalid record in smbXsrv_tcon_global.tdb:"
+ "key '%s' info0 NULL pointer\n",
+ hex_encode_talloc(frame, key.dptr, key.dsize)));
+ goto done;
+ }
+
global_blob.info.info0->db_rec = rec;
ret = state->fn(global_blob.info.info0, state->private_data);
done:
--
Samba Shared Repository
