[SCM] Samba Shared Repository - branch v4-17-test updated
The branch, v4-17-test has been updated via bc05daafbc6 s3:client: Fix a use-after-free issue in smbclient via 0d2acb2e228 s3:script: Improve test_chdir_cache.sh via 72e6fff0e5f s3:params:lp_do_section - protect against NULL deref via 4f47415e248 rpc_server:srvsvc - retrieve share ACL via root context via 0d89084e044 ctdb: Fix a use-after-free in run_proc from 72dcfb4773d VERSION: Bump version up to Samba 4.17.5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test - Log - commit bc05daafbc6ffb972faa58943514ecd9f879cdad Author: Andreas Schneider Date: Thu Dec 22 10:31:11 2022 +0100 s3:client: Fix a use-after-free issue in smbclient Detected by make test TESTS="samba3.blackbox.chdir-cache" with an optimized build or with AddressSanitizer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 9c707b4be27e2a6f79886d3ec8b5066c922b99bd) Autobuild-User(v4-17-test): Jule Anger Autobuild-Date(v4-17-test): Wed Jan 4 21:23:48 UTC 2023 on sn-devel-184 commit 0d2acb2e22846799e90d31b77431dda1dc4ef7de Author: Andreas Schneider Date: Thu Dec 22 10:36:02 2022 +0100 s3:script: Improve test_chdir_cache.sh BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 0d1961267cd9e8f1158a407c5d135514c363f37e) commit 72e6fff0e5f61ad4f0d636bcd212120805577032 Author: Andrew Walker Date: Mon Dec 19 08:17:47 2022 -0500 s3:params:lp_do_section - protect against NULL deref iServiceIndex may indicate an empty slot in the ServicePtrs array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex]) may trigger a NULL deref and crash. Skipping the check here will cause a scan of the array in add_a_service() and the NULL slot will be used safely. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267 Signed-off-by: Andrew Walker Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184 (cherry picked from commit 5b19288949e97a5af742ff2719992d56f21e364a) commit 4f47415e248452dc34b10008474853bbc81a2165 Author: Andrew Date: Fri Dec 16 08:16:10 2022 -0800 rpc_server:srvsvc - retrieve share ACL via root context share_info.tdb has permissions of 0o600 and so we need to become_root() prior to retrieving the security info. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265 Signed-off-by: Andrew Walker Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184 (cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05) commit 0d89084e0443c5cabb3f9cc6633f6b9c6ede29c1 Author: Volker Lendecke Date: Fri Sep 30 17:02:41 2022 +0200 ctdb: Fix a use-after-free in run_proc If you happen to talloc_free(run_ctx) before all the tevent_req's hanging off it, you run into the following: ==495196== Invalid read of size 8 ==495196==at 0x10D757: run_proc_state_destructor (run_proc.c:413) ==495196==by 0x488F736: _tc_free_internal (talloc.c:1158) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x48538B1: tevent_req_received (tevent_req.c:293) ==495196==by 0x4853429: tevent_req_destructor (tevent_req.c:129) ==495196==by 0x488F736: _tc_free_internal (talloc.c:1158) ==495196==by 0x4890AF6: _tc_free_children_internal (talloc.c:1669) ==495196==by 0x488F967: _tc_free_internal (talloc.c:1184) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x10DE62: main (run_proc_test.c:86) ==495196== Address 0x55b77f8 is 152 bytes inside a block of size 160 free'd ==495196==at 0x48399AB: free (vg_replace_malloc.c:538) ==495196==by 0x488FB25: _tc_free_internal (talloc.c:1222) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x10D315: run_proc_context_destructor (run_proc.c:329) ==495196==by 0x488F736: _tc_free_internal (talloc.c:1158) ==495196==by 0x488FBDD: _talloc_free_internal (talloc.c:1248) ==495196==by 0x4890F41: _talloc_free (talloc.c:1792) ==495196==by 0x10DE62: main (run_proc_test.c:86) ==495196== Block was alloc'd at ==495196==at 0x483877F: malloc (vg_replace_malloc.c:307) ==495196==by 0x488EAD9:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9636b40b05b smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO via dc98e564604 smbd: Factor out get_dirent_ea_size() via 8000c188374 pylibsmb: Add reparse tag definitions via ecdb225a7c6 pylibsmb: Get reparse tag when listing directories via d4f47d4b869 smbd: Modernize a DBG statement via eb0e911c73c smbd: Shorten a few lines via 852ce99e2ae smbd: Remove duplicate/unused #defines via 7a21dc75645 torture: Fix whitespace via 71610e3633d smbd: Move SMB_QUERY_FILE_UNIX_LINK to smb1_trans2.c via f48e2489ad7 smbd: Move get_posix_fsp() to smb1_trans2.c via 6fc64f53a80 smbd: Move SMB_QUERY_POSIX_ACL to smb1_trans2.c via 01e14e0fe13 smbd: Move SMB_QUERY_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c via 0cfea607927 smbd: Remove an unnecessary if-statement via 65fc2b105a3 smbd: Remove an unnecessary if-statement via 4f69b76fa18 smbd: Move smb_set_posix_acl() to smb1_trans2.c via 19c41395e55 smbd: Make get_posix_fsp() public via b0dfee968a4 smbd: smbd_do_qfilepathinfo() does not need lock_data anymore via e53988cdea2 smbd: Handle SMB_QUERY_POSIX_LOCK() in call_trans2qfileinfo() via ad453a3827b smbd: Remove two variables never set after initialization via 2be0e68ec51 smbd: Move SMB_SET_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c via 483aa414809 smbd: Make map_info2_flags_to_sbuf() public via 1c21fc72e9a smbd: Make smb_set_file_size() public via 765f9bcf666 smbd: Move handling smb_set_posix_lock() to smb1_trans2.c via 2cef6fcd6d1 smbd: Move smb_set_file_unix_hlink() to smb1_trans2.c via 5273c1da12a smbd: Move smb_set_file_unix_link() to smb1_trans2.c via cabef724697 smbd: Move smb_posix_unlink() to smb1_trans2.c via bcc621a69f9 smbd: Make smb_set_file_disposition_info() public via 38b15fada27 smbd: Move smb_posix_open() to smb1_trans2.c via 58287995e5b smbd: Make store_file_unix_basic[_info2] public via bad8aa10cd8 smbd: Factor out handle_trans2qfilepathinfo_result() via 5f7d16dbefa smbd: Simplify call_trans2qfilepathinfo() via d66dc816716 smbd: Fix qfileinfo profiling via 3b76bc9689c smbd: Remove call_trans2setfilepathinfo() via 5f38f23668b smbd: Factor out handle_trans2setfilepathinfo_result() via f72572ff6f4 smbd: Simplify call_trans2setfilepathinfo() via 6619b16fec7 smbd: Fix setfileinfo profiling from c9a6e242d15 s3: smbd: Strip any leading '\' characters if the SMB2 DFS flag is set. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9636b40b05b90e5317bb1ef29985ffb91bccf482 Author: Volker Lendecke Date: Mon Jan 2 16:21:50 2023 +0100 smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO This is a bit more involved as readdir_attr_data needs to be looked at. The meaning of this if-statements should be the same though, readdir_attr_data can only be non-NULL if we don't have a reparse point around. See the beginning of smbd_marshall_dir_entry(). Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Jan 4 09:48:37 UTC 2023 on sn-devel-184 commit dc98e564604f4b61fbc6bd41ba8c05ead30e7aa2 Author: Volker Lendecke Date: Mon Jan 2 16:19:12 2023 +0100 smbd: Factor out get_dirent_ea_size() Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 8000c1883748dcf4a5e2c2ea8f90115dff07254a Author: Volker Lendecke Date: Mon Jan 2 16:01:10 2023 +0100 pylibsmb: Add reparse tag definitions Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit ecdb225a7c6688f1d8ad53e6f651e7e985297582 Author: Volker Lendecke Date: Mon Jan 2 14:29:12 2023 +0100 pylibsmb: Get reparse tag when listing directories Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit d4f47d4b86923741ef8644b6aee8fc2faab79d74 Author: Volker Lendecke Date: Wed Dec 28 23:18:20 2022 +0100 smbd: Modernize a DBG statement Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit eb0e911c73cfc8d1ec348a17de13f71344901f92 Author: Volker Lendecke Date: Wed Dec 28 23:14:25 2022 +0100 smbd: Shorten a few lines Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 852ce99e2aeea148c3f0d5301ad4e93be9c94630 Author: Volker Lendecke Date: Fri Dec 23 09:21:25 2022 +0100 smbd: Remove duplicate/unused #defines Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme commit 7a21dc75645040e44a8940e6dad3e064124e918e Author: Volker Lendecke Date: Sat Dec 24 14:08:40 2022 +0100 torture: Fix whitespace Signed-off-by: Volker Lendecke
