The branch, v4-14-test has been updated via cefad52c90b s4:dsdb/vlv_pagination: fix segfault in vlv_results() via 271d3f7b4a8 s4:dsdb/paged_results: fix segfault in paged_results() via 01e15dfaede s4:rpc_server/netlogon: let CSDVersion="" wipe operatingSystemServicePack via 09832c6f95e s4:torture/rpc: test how CSDVersion="" wipes operatingSystemServicePack from 6417cadc277 ldb: version 2.3.3
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log ----------------------------------------------------------------- commit cefad52c90be03ef2ca95f1cc2c9ddfec19e85c8 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jan 19 15:57:08 2022 +0100 s4:dsdb/vlv_pagination: fix segfault in vlv_results() It can happen that the vlv_results() failes, e.g. due to LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not dereference ares->response, if ares is NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14952 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Thu Jan 20 10:04:39 UTC 2022 on sn-devel-184 (cherry picked from commit 7d16a56b9d1cde8a5174381ef4924a2ea7be59bc) Autobuild-User(v4-14-test): Jule Anger <jan...@samba.org> Autobuild-Date(v4-14-test): Wed Jan 26 11:02:44 UTC 2022 on sn-devel-184 commit 271d3f7b4a82f75e2e75b9c5ba62c1aa9944f570 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jan 19 15:57:08 2022 +0100 s4:dsdb/paged_results: fix segfault in paged_results() It can happen that the paged_results() failes, e.g. due to LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not dereference ares->response, if ares is NULL. We also should not call ldb_module_done() if paged_results() fails, as it was already called. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14952 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 19fa22b1fbcf33dbc4defe4dd2e487a642786c49) commit 01e15dfaedecfe80527475de1c5c60c5be8b8f4e Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 14:00:34 2021 +0100 s4:rpc_server/netlogon: let CSDVersion="" wipe operatingSystemServicePack BUG: https://bugzilla.samba.org/show_bug.cgi?id=14936 
Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Tue Jan 11 22:03:03 UTC 2022 on sn-devel-184 (cherry picked from commit 1243f52f7ae58de1005c431e20563f2f1902dfce) commit 09832c6f95ef1b57a75e419a3cca02f68fca4caa Author: Stefan Metzmacher <me...@samba.org> Date: Tue Dec 21 13:58:07 2021 +0100 s4:torture/rpc: test how CSDVersion="" wipes operatingSystemServicePack BUG: https://bugzilla.samba.org/show_bug.cgi?id=14936 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 4a0a0d2fc9555dc8ff7692607b1d51189785bd47) ----------------------------------------------------------------------- Summary of changes: source4/dsdb/samdb/ldb_modules/paged_results.c | 19 ++++++++++++------- source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 21 +++++++++++++-------- source4/rpc_server/netlogon/dcerpc_netlogon.c | 11 ++++++++--- source4/torture/rpc/netlogon.c | 10 +++++----- 4 files changed, 38 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/paged_results.c b/source4/dsdb/samdb/ldb_modules/paged_results.c index 3eea3236e7d..2063e84e157 100644 --- a/source4/dsdb/samdb/ldb_modules/paged_results.c +++ b/source4/dsdb/samdb/ldb_modules/paged_results.c @@ -239,6 +239,7 @@ static int paged_search_by_dn_guid(struct ldb_module *module, static int paged_results(struct paged_context *ac, struct ldb_reply *ares) { + struct ldb_extended *response = (ares != NULL ? ares->response : NULL); struct ldb_paged_control *paged; unsigned int i, num_ctrls; int ret; 
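Review bot: paged_results() now depends on two contracts that are stated nowhere on the function itself: `ares` may be NULL (paged_search() calls `paged_results(ac, NULL)` in the hunk at -803), and every error return must already have called ldb_module_done(), because paged_search() now just does `return ret;`. I would add a comment above the signature, e.g. `/* ares may be NULL. On error ldb_module_done() has already been called; callers must return ret without completing the request again. */`. Only some of the function's return paths are visible in these hunks, so it is worth checking that none returns an error without completing the request, since that request would then never be finished. The same comment applies to vlv_results() and its caller vlv_search() in vlv_pagination.c.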
@@ -246,7 +247,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares) if (ac->store == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } while (ac->store->last_i < ac->store->num_entries && ac->size > 0) { @@ -276,7 +277,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares) continue; } else if (ret != LDB_SUCCESS) { return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ret = ldb_module_send_entry(ac->req, result->msgs[0], @@ -318,7 +319,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares) if (ac->controls == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[num_ctrls] = NULL; @@ -331,7 +332,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares) if (ac->controls[i] == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[i]->oid = talloc_strdup(ac->controls[i], @@ -339,7 +340,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares) if (ac->controls[i]->oid == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[i]->critical = 0; @@ -348,7 +349,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares) if (paged == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[i]->data = paged; 
@@ -803,7 +804,11 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) ret = paged_results(ac, NULL); if (ret != LDB_SUCCESS) { - return ldb_module_done(req, NULL, NULL, ret); + /* + * paged_results() will have called ldb_module_done + * if an error occurred + */ + return ret; } return ldb_module_done(req, ac->controls, NULL, LDB_SUCCESS); } diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c index d6d6039e849..b389d3fd4f0 100644 --- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c +++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c @@ -389,6 +389,7 @@ static int vlv_calc_real_offset(int offset, int denominator, int n_entries) static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) { + struct ldb_extended *response = (ares != NULL ? ares->response : NULL); struct ldb_vlv_resp_control *vlv; unsigned int num_ctrls; int ret, i, first_i, last_i; @@ -399,7 +400,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) if (ac->store == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } if (ac->store->first_ref) { @@ -428,7 +429,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) return ldb_module_done( ac->req, ac->controls, - ares->response, + response, ret); } } else { @@ -440,7 +441,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) return ldb_module_done( ac->req, ac->controls, - ares->response, + response, ret); } } @@ -480,7 +481,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) return ldb_module_done( ac->req, ac->controls, - ares->response, + response, ret); } 
@@ -513,7 +514,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) if (ac->controls == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[num_ctrls] = NULL; @@ -525,7 +526,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) if (ac->controls[i] == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[i]->oid = talloc_strdup(ac->controls[i], @@ -533,7 +534,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) if (ac->controls[i]->oid == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[i]->critical = 0; @@ -542,7 +543,7 @@ static int vlv_results(struct vlv_context *ac, struct ldb_reply *ares) if (vlv == NULL) { ret = LDB_ERR_OPERATIONS_ERROR; return ldb_module_done( - ac->req, ac->controls, ares->response, ret); + ac->req, ac->controls, response, ret); } ac->controls[i]->data = vlv; @@ -891,6 +892,10 @@ static int vlv_search(struct ldb_module *module, struct ldb_request *req) ret = vlv_results(ac, NULL); if (ret != LDB_SUCCESS) { + /* + * vlv_results() will have called ldb_module_done + * if there was an error. + */ return ret; } return ldb_module_done(req, ac->controls, NULL, diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index f0c8f60ac90..e930d9048e7 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c 
@@ -2598,9 +2598,14 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal os_version->BuildNumber); NT_STATUS_HAVE_NO_MEMORY(os_version_str); - ret = ldb_msg_add_string(new_msg, - "operatingSystemServicePack", - os_version->CSDVersion); + if (strlen(os_version->CSDVersion) != 0) { + ret = ldb_msg_add_string(new_msg, + "operatingSystemServicePack", + os_version->CSDVersion); + } else { + ret = samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg, + "operatingSystemServicePack"); + } if (ret != LDB_SUCCESS) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 7899b987724..7884cc66d98 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -5143,8 +5143,8 @@ static bool test_GetDomainInfo(struct torture_context *tctx, torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call (variation of DNS hostname doesn't work)\n"); netlogon_creds_client_authenticator(creds, &a); - /* Wipe out the osVersion, and prove which values still 'stick' */ - q1.os_version.os = NULL; + /* Wipe out the CSDVersion, and prove which values still 'stick' */ + os.os.CSDVersion = ""; /* Change also the DNS hostname to test differences in behaviour */ talloc_free(discard_const_p(char, q1.dns_hostname)); @@ -5175,9 +5175,9 @@ static bool test_GetDomainInfo(struct torture_context *tctx, torture_assert(tctx, ldb_msg_find_attr_as_string(res[0], "operatingSystemServicePack", NULL) == NULL, "'operatingSystemServicePack' shouldn't stick!"); - torture_assert(tctx, - ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL) == NULL, - "'operatingSystemVersion' shouldn't stick!"); + torture_assert_str_equal(tctx, + ldb_msg_find_attr_as_string(res[0], "operatingSystemVersion", NULL), + version_str, "'operatingSystemVersion' wrong!"); /* The DNS host name shouldn't have been updated by the server */ -- Samba Shared Repository
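Review bot: In the dcerpc_netlogon.c hunk, `strlen(os_version->CSDVersion)` reads a field that appears to come from the client's request, with no NULL check visible in the hunk. If the NDR layer does not guarantee a non-NULL string here, the condition is safer as `if (os_version->CSDVersion != NULL && os_version->CSDVersion[0] != '\0') {`, which sends a missing value down the delete branch as well. The else branch also deserves a one-line reason, going by the commit title, e.g. `/* empty CSDVersion: remove the stored operatingSystemServicePack rather than keep a stale value */`. dcesrv_netr_LogonGetDomainInfo() starts and ends outside the hunk.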