[SCM] Samba Shared Repository - branch master updated

Jeremy Allison Tue, 01 Mar 2022 13:00:19 -0800

The branch, master has been updated
       via  8c97743511e smbd: Fix a use-after-free
       via  579c475fa62 smbd: Fix a typo
       via  40b7c862b47 vfs: Set errno in an error return
       via  2b6e557ec46 vfs: Fix a typo
       via  bdf68d64300 vfs: Fix a typo
       via  cb0201973c5 lib: Simplify parent_dirname() by using talloc_strndup()
       via  d255044e2ab lib: Use cp_smb_filename_nostream() in adouble_path()
      from  9eb27f296ae third_party/heimdal_build: Determine whether time_t is 
signed


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8c97743511e4d53f795f2469a28aabfb96da0dfa
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Feb 23 15:56:41 2022 +0100

    smbd: Fix a use-after-free
    
    stat_cache_lookup() allocates its result on top of talloc_tos().
    filename_convert_smb1_search_path() creates a talloc_stackframe(),
    which makes the names which were supposed to be allocated on the "ctx"
    parameter of filename_convert_smb1_search_path() go away too
    early. Reparent the results from stat_cache_lookup() properly.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=14989
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Mar  1 20:59:55 UTC 2022 on sn-devel-184

commit 579c475fa6293017fd4137fa99a0ae091dfdfcad
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Feb 23 15:47:45 2022 +0100

    smbd: Fix a typo
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 40b7c862b47b87e5d3fc36212e2658382bdae02b
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Feb 22 17:12:44 2022 +0100

    vfs: Set errno in an error return
    
    Don't leak an unrelated errno
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 2b6e557ec46164e5bd7003199eef0193c66cf4a9
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Feb 22 17:12:34 2022 +0100

    vfs: Fix a typo
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit bdf68d64300a63450fb0873f7885221c748b7cbb
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Feb 22 15:49:37 2022 +0100

    vfs: Fix a typo
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit cb0201973c54cee2988331572f0f111e6d458ad4
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Feb 22 15:46:14 2022 +0100

    lib: Simplify parent_dirname() by using talloc_strndup()
    
    Don't duplicate the talloc_strndup() functionality.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit d255044e2ab971ea39f0eed25e5c53a0c56d3a3a
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Feb 22 15:42:41 2022 +0100

    lib: Use cp_smb_filename_nostream() in adouble_path()
    
    No need to TALLOC_FREE(smb_fname->stream_name) later
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/adouble.c               | 9 +++------
 source3/lib/util.c                  | 4 ++--
 source3/modules/nfs4acl_xattr_nfs.c | 2 +-
 source3/modules/vfs_fruit.c         | 3 ++-
 source3/smbd/filename.c             | 7 +++++++
 source3/smbd/statcache.c            | 2 +-
 6 files changed, 16 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
index dda7a5ec05f..ef48d1aa73a 100644
--- a/source3/lib/adouble.c
+++ b/source3/lib/adouble.c
@@ -2757,17 +2757,14 @@ int adouble_path(TALLOC_CTX *ctx,
 {
        char *parent;
        const char *base;
-       struct smb_filename *smb_fname = cp_smb_filename(ctx,
-                                               smb_fname_in);
+       struct smb_filename *smb_fname = NULL;
 
+       smb_fname = cp_smb_filename_nostream(ctx, smb_fname_in);
        if (smb_fname == NULL) {
                return -1;
        }
 
-       /* We need streamname to be NULL */
-       TALLOC_FREE(smb_fname->stream_name);
-
-       /* And we're replacing base_name. */
+       /* We're replacing base_name. */
        TALLOC_FREE(smb_fname->base_name);
 
        SET_STAT_INVALID(smb_fname->st);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 58a42ef2f53..d39ad61db20 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1429,10 +1429,10 @@ bool parent_dirname(TALLOC_CTX *mem_ctx, const char 
*dir, char **parent,
 
        len = p-dir;
 
-       if (!(*parent = (char *)talloc_memdup(mem_ctx, dir, len+1))) {
+       *parent = talloc_strndup(mem_ctx, dir, len);
+       if (*parent == NULL) {
                return False;
        }
-       (*parent)[len] = '\0';
 
        if (name) {
                *name = p+1;
diff --git a/source3/modules/nfs4acl_xattr_nfs.c 
b/source3/modules/nfs4acl_xattr_nfs.c
index 63726c3b29d..59e02bf1577 100644
--- a/source3/modules/nfs4acl_xattr_nfs.c
+++ b/source3/modules/nfs4acl_xattr_nfs.c
@@ -351,7 +351,7 @@ static bool create_special_id(TALLOC_CTX *mem_ctx,
        char *s = talloc_strdup(mem_ctx, id);
 
        if (s == NULL) {
-               DBG_ERR("talloc_memdup failed\n");
+               DBG_ERR("talloc_strdup failed\n");
                return false;
        }
        nace->who.utf8string_val = s;
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index e84c4c98d37..e54e0903c40 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -1563,7 +1563,7 @@ static int fruit_open_rsrc_adouble(vfs_handle_struct 
*handle,
        if ((!(flags & O_CREAT)) &&
            S_ISDIR(fsp->base_fsp->fsp_name->st.st_ex_mode))
        {
-               /* sorry, but directories don't habe a resource fork */
+               /* sorry, but directories don't have a resource fork */
                errno = EISDIR;
                rc = -1;
                goto exit;
@@ -1721,6 +1721,7 @@ static int fruit_open_rsrc(vfs_handle_struct *handle,
 
        default:
                DBG_ERR("Unexpected rsrc config [%d]\n", config->rsrc);
+               errno = EINVAL;
                return -1;
        }
 
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 33aed86718f..123fe951639 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1141,6 +1141,13 @@ NTSTATUS unix_convert(TALLOC_CTX *mem_ctx,
                                          &state->name,
                                          state->smb_fname->twrp,
                                          &state->smb_fname->st);
+               /*
+                * stat_cache_lookup() allocates on talloc_tos() even
+                * when !found, reparent correctly
+                */
+               talloc_steal(state->smb_fname, state->smb_fname->base_name);
+               talloc_steal(state->mem_ctx, state->dirpath);
+
                if (found) {
                        goto done;
                }
diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c
index f8d58214c45..4138a9287ad 100644
--- a/source3/smbd/statcache.c
+++ b/source3/smbd/statcache.c
@@ -190,7 +190,7 @@ void stat_cache_add( const char *full_orig_name,
  *               of the name up.
  * @param psd     A stat buffer, NOT from the cache, but just a side-effect.
  *
- * @return True if we translated (and did a scuccessful stat on) the entire
+ * @return True if we translated (and did a successful stat on) the entire
  *               name.
  *
  */


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to