The branch, v4-16-test has been updated
       via  2f71273a736 s3: smbd: Fix memory leak in 
smbd_server_connection_terminate_done().
       via  04e54799b2b vfs_gpfs: Protect against timestamps before the Unix 
epoch
       via  08383bedc3b lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
       via  729bbca5e88 vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
      from  6a0280d9553 CVE-2021-20251 dsdb/common: Remove transaction logic 
from samdb_set_password()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test


- Log -----------------------------------------------------------------
commit 2f71273a73673da7d2a12e61cbcc3242b2c9958a
Author: Jeremy Allison <j...@samba.org>
Date:   Wed Sep 14 17:05:05 2022 -0700

    s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
    
    The function smbd_server_connection_terminate_done() does not free subreq,
    which is allocated in smbXsrv_connection_shutdown_send(); this can leak
    memory if multi-channel is enabled.
    
    Suggested fix by haihua yang <hhyang...@gmail.com>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174
    
    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Noel Power <noel.po...@suse.com>
    
    Autobuild-User(master): Noel Power <npo...@samba.org>
    Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184
    
    (cherry picked from commit b600b0c8d9690cb5eeded1e5925c8e667c11af04)
    
    Autobuild-User(v4-16-test): Jule Anger <jan...@samba.org>
    Autobuild-Date(v4-16-test): Wed Sep 28 20:10:04 UTC 2022 on sn-devel-184

commit 04e54799b2bc4666f69106fc7f1236237eae73a9
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 22 15:24:01 2022 +0200

    vfs_gpfs: Protect against timestamps before the Unix epoch
    
    In addition to b954d181cd2 we should also protect against timestamps
    before the epoch.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Christof Schmitt <c...@samba.org>
    
    Autobuild-User(master): Volker Lendecke <v...@samba.org>
    Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184
    
    (cherry picked from commit f6b391e04a4d5974b908f4f375bd2876083aa7b2)

commit 08383bedc3be4807dc2b8fb018790de9e00c5606
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Sep 1 13:24:55 2020 +0200

    lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Christof Schmitt <c...@samba.org>
    
    Autobuild-User(master): Volker Lendecke <v...@samba.org>
    Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 06f35edaf129ce3195960905d38af73ec12fc716)
    (cherry picked from commit e56c18d356bd3419abebd36e1fae39019cabbfaf)

commit 729bbca5e88d9c7bee4fccd2e3c9a8f14b9f8ae7
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 31 16:14:14 2020 +0200

    vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
    
    gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
    should not silently garble time stamps but reject the attempt to set
    an out-of-range timestamp.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Christof Schmitt <c...@samba.org>
    (cherry picked from commit b954d181cd25d9029d3c222e8d97fe7a3b0b2400)

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/errmap_unix.c  |  3 +++
 source3/modules/vfs_gpfs.c | 43 +++++++++++++++++++++++++++++++++----------
 source3/smbd/smb2_server.c |  1 +
 3 files changed, 37 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c
index 73b2f532a06..029efae0f51 100644
--- a/source3/lib/errmap_unix.c
+++ b/source3/lib/errmap_unix.c
@@ -119,6 +119,9 @@ static const struct {
        { EOVERFLOW,      NT_STATUS_ALLOTTED_SPACE_EXCEEDED },
 #endif
        { EINPROGRESS,  NT_STATUS_MORE_PROCESSING_REQUIRED },
+#ifdef ERANGE
+       { ERANGE, NT_STATUS_INTEGER_OVERFLOW },
+#endif
 };
 
 /*********************************************************************
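Review bot: The new `{ ERANGE, NT_STATUS_INTEGER_OVERFLOW }` entry applies to every caller that maps errno through this table, not only to the GPFS timestamp check it was added for. ERANGE is also what several libc and xattr calls return for a too-small buffer, so those paths would now report an integer overflow to the client; that is probably harmless but worth confirming. A one-line comment above the entry would record the intent, e.g. `/* ERANGE: value out of range, e.g. a timestamp the backend cannot store */`. The table starts outside the hunk.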
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 6b084fd79a5..fc6e7a65b27 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1706,15 +1706,27 @@ static int vfs_gpfs_lstat(struct vfs_handle_struct 
*handle,
        return ret;
 }
 
-static void timespec_to_gpfs_time(struct timespec ts, gpfs_timestruc_t *gt,
-                                 int idx, int *flags)
+static int timespec_to_gpfs_time(
+       struct timespec ts, gpfs_timestruc_t *gt, int idx, int *flags)
 {
-       if (!is_omit_timespec(&ts)) {
-               *flags |= 1 << idx;
-               gt[idx].tv_sec = ts.tv_sec;
-               gt[idx].tv_nsec = ts.tv_nsec;
-               DEBUG(10, ("Setting GPFS time %d, flags 0x%x\n", idx, *flags));
+       if (is_omit_timespec(&ts)) {
+               return 0;
        }
+
+       if (ts.tv_sec < 0 || ts.tv_sec > UINT32_MAX) {
+               DBG_NOTICE("GPFS uses 32-bit unsigned timestamps "
+                          "and cannot handle %jd.\n",
+                          (intmax_t)ts.tv_sec);
+               errno = ERANGE;
+               return -1;
+       }
+
+       *flags |= 1 << idx;
+       gt[idx].tv_sec = ts.tv_sec;
+       gt[idx].tv_nsec = ts.tv_nsec;
+       DBG_DEBUG("Setting GPFS time %d, flags 0x%x\n", idx, *flags);
+
+       return 0;
 }
 
 static int smbd_gpfs_set_times(struct files_struct *fsp,
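Review bot: timespec_to_gpfs_time() now returns -1 with errno set to ERANGE, but nothing above the function states that contract, or that `*flags` and `gt[idx]` are left untouched on failure. I would add a short header comment saying it returns 0 when the timestamp is omitted or stored, and -1 with ERANGE when `tv_sec` is outside 0..UINT32_MAX. Separately, only `tv_sec` is range-checked, while `gt[idx].tv_nsec = ts.tv_nsec;` is still copied as-is. If the nanosecond field of gpfs_timestruc_t is narrower than the timespec one (its definition is not visible here), the same silent truncation could apply there.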
@@ -1725,10 +1737,21 @@ static int smbd_gpfs_set_times(struct files_struct *fsp,
        int rc;
 
        ZERO_ARRAY(gpfs_times);
-       timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
-       timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
+       rc = timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
+       if (rc != 0) {
+               return rc;
+       }
+
+       rc = timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
+       if (rc != 0) {
+               return rc;
+       }
+
        /* No good mapping from LastChangeTime to ctime, not storing */
-       timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
+       rc = timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
+       if (rc != 0) {
+               return rc;
+       }
 
        if (!flags) {
                DBG_DEBUG("nothing to do, return to avoid EINVAL\n");
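Review bot: The three early `return rc;` paths rely on the caller treating -1 with ERANGE as a final failure. The caller is outside this hunk, so it is worth confirming that it does not fall back to another time-setting path that would store the out-of-range value anyway. A comment on the first check would make the contract visible, e.g. `/* errno is ERANGE here; propagate so the client sees the rejection */`. smbd_gpfs_set_times() starts and ends outside the hunk.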
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 042f343b0ca..f4e16cb7da9 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1643,6 +1643,7 @@ static void smbd_server_connection_terminate_done(struct 
tevent_req *subreq)
        NTSTATUS status;
 
        status = smbXsrv_connection_shutdown_recv(subreq);
+       TALLOC_FREE(subreq);
        if (!NT_STATUS_IS_OK(status)) {
                exit_server("smbXsrv_connection_shutdown_recv failed");
        }


-- 
Samba Shared Repository
