The branch, v4-15-test has been updated via 94bdda617e0 s3/util/py_net.c: fix samba-tool domain join&leave segfault from f9815fddb5e s3:rpcclient: Goto done in cmd_samr_setuserinfo_int()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log ----------------------------------------------------------------- commit 94bdda617e018f6ae75effede3a2fae453bc47af Author: Michael Tokarev <m...@tls.msk.ru> Date: Tue May 24 16:25:41 2022 +0300 s3/util/py_net.c: fix samba-tool domain join&leave segfault We process python args using PyArg_ParseTupleAndKeywords(), and use "p" type modifier there. According to documentation, this type modifier, while works for a boolean type, expects an argument of type int. But in py_net_join_member() and py_net_leave() we use argument of type uint8_t (keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords() tries to assign a value to &r->in.debug, it updates subsequent, unrelated bytes too, - which ones depends on the stack and structure layout used by the compiler. Fix this by using an int proxy variable "debug" (of the same type) for r->in.debug. While at it, also ensure all variables have sensible default values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15078 Signed-off-by: Michael Tokarev <m...@tls.msk.ru> Reviewed-by: Alexander Bokovoy <a...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Wed May 25 06:19:32 UTC 2022 on sn-devel-184 Backported-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (backported from commit 976326fa2b6423ac5866af682605cf7584e4991a, with changes because 4.15 doesn't have no_dns_update, along with other changes that foil the patch. Also the BUG: line was added above). Autobuild-User(v4-15-test): Jule Anger <jan...@samba.org> Autobuild-Date(v4-15-test): Mon Aug 15 09:18:25 UTC 2022 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: source3/utils/py_net.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/py_net.c b/source3/utils/py_net.c index 8a8a756ea21..ef2c0a0599a 100644 --- a/source3/utils/py_net.c +++ b/source3/utils/py_net.c @@ -67,6 +67,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec WERROR werr; PyObject *result; TALLOC_CTX *mem_ctx; + int debug = false; bool modify_config = lp_config_backend_is_registry(); const char *kwnames[] = { "dnshostname", "createupn", "createcomputer", "osName", "osVer", "osServicePack", @@ -93,7 +94,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec &r->in.os_version, &r->in.os_servicepack, &r->in.machine_password, - &r->in.debug)) { + &debug)) { talloc_free(mem_ctx); PyErr_FromString(_("Invalid arguments\n")); return NULL; @@ -121,6 +122,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; r->in.msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE()); + r->in.debug = debug; werr = libnet_Join(mem_ctx, r); if (W_ERROR_EQUAL(werr, WERR_NERR_DCNOTFOUND)) { @@ -166,7 +168,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa struct libnet_UnjoinCtx *r = NULL; WERROR werr; TALLOC_CTX *mem_ctx; - bool keep_account = false; + int keep_account = false, debug = false; const char *kwnames[] = { "keepAccount", "debug", NULL }; mem_ctx = talloc_new(self->mem_ctx); @@ -189,7 +191,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|pp:Leave", discard_const_p(char *, kwnames), - &keep_account, &r->in.debug)) { + &keep_account, &debug)) { talloc_free(mem_ctx); PyErr_FromString(_("Invalid arguments\n")); return NULL; @@ -201,6 +203,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa r->in.admin_account = cli_credentials_get_username(self->creds); r->in.admin_password = cli_credentials_get_password(self->creds); r->in.modify_config = lp_config_backend_is_registry(); + r->in.debug = debug; /* * Try to delete it, but if that fails, disable it. The -- Samba Shared Repository