parent
03eaaa0ae3
commit
1ea2856acd
6 changed files with 2932 additions and 42 deletions
@ -0,0 +1,30 @@ |
||||
From e3f491fde52c3c7f31b0137125cb0ab1d5721f87 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Thu, 17 May 2018 11:53:18 +0200
|
||||
Subject: [PATCH] s3:utils: Do not segfault on error in DoDNSUpdate()
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13440
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Volker Lendecke <vl@samba.org>
|
||||
|
||||
(cherry picked from commit cdd98aa1e2116fb97e16718d115ee883fe1bc8ba)
|
||||
---
|
||||
source3/utils/net_dns.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
|
||||
index d972a5d4bad..9ee856c0059 100644
|
||||
--- a/source3/utils/net_dns.c
|
||||
+++ b/source3/utils/net_dns.c
|
||||
@@ -75,6 +75,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
|
||||
|
||||
if (!ERR_DNS_IS_OK(err)) {
|
||||
DEBUG(3,("DoDNSUpdate: failed to probe DNS\n"));
|
||||
+ goto error;
|
||||
}
|
||||
|
||||
if ((dns_response_code(resp->flags) == DNS_NO_ERROR) &&
|
||||
--
|
||||
2.16.3
|
||||
|
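Review bot: The `DEBUG(3, ...)` message in front of the new `goto error;` drops the value of `err`, so a probe failure that now aborts DoDNSUpdate() is logged without its cause. Including the error in the message would make these failures diagnosable from the log, for example `DEBUG(3,("DoDNSUpdate: failed to probe DNS: %s\n", dns_errstr(err)));` if that helper is available in this branch. The `error:` label and its cleanup are outside the hunk, so it is not visible here whether `resp` is safe to release when the probe never produced a response.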
@ -0,0 +1,105 @@ |
||||
From 27bd0925c556ff69ce5db306f513eb4e4e7d4c7e Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Mon, 19 Feb 2018 18:07:50 +0100
|
||||
Subject: [PATCH] s3:smbd: Do not crash if we fail to init the session table
|
||||
|
||||
This should the following segfault with SMB1:
|
||||
|
||||
#6 sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
|
||||
#7 <signal handler called>
|
||||
#8 smbXsrv_session_create (conn=conn@entry=0x5654d3512af0, now=now@entry=131594481900356690, _session=_session@entry=0x7ffc93a778e8)
|
||||
at ../source3/smbd/smbXsrv_session.c:1212
|
||||
#9 0x00007f7618aa21ef in reply_sesssetup_and_X (req=req@entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
|
||||
#10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, req=req@entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
|
||||
#11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, xconn=0x5654d35146d0)
|
||||
at ../source3/smbd/process.c:1762
|
||||
#12 process_smb (xconn=xconn@entry=0x5654d3512af0, inbuf=<optimized out>, nread=140, unread_bytes=0, seqnum=0, encrypted=<optimized out>,
|
||||
deferred_pcd=deferred_pcd@entry=0x0) at ../source3/smbd/process.c:2008
|
||||
#13 0x00007f7618ae4c41 in smbd_server_connection_read_handler (xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
|
||||
#14 0x00007f761587eedb in epoll_event_loop_once () from /lib64/libtevent.so.0
|
||||
|
||||
Inspection the core shows that:
|
||||
conn->client-session_table is NULL
|
||||
conn->protocol is PROTOCOL_NONE
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
(cherry picked from commit a89a7146563f2d9eb8bc02f1c090158ee499c878)
|
||||
---
|
||||
source3/smbd/negprot.c | 23 ++++++++++++++++++++---
|
||||
1 file changed, 20 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
|
||||
index d3f4776076f..70249f7b446 100644
|
||||
--- a/source3/smbd/negprot.c
|
||||
+++ b/source3/smbd/negprot.c
|
||||
@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
|
||||
time_t t = time(NULL);
|
||||
struct smbXsrv_connection *xconn = req->xconn;
|
||||
uint16_t raw;
|
||||
+ NTSTATUS status;
|
||||
+
|
||||
if (lp_async_smb_echo_handler()) {
|
||||
raw = 0;
|
||||
} else {
|
||||
@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
|
||||
SSVAL(req->outbuf,smb_vwv11, 8);
|
||||
}
|
||||
|
||||
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
|
||||
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
|
||||
+ if (!NT_STATUS_IS_OK(status)) {
|
||||
+ reply_nterror(req, status);
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
/* Reply, SMBlockread, SMBwritelock supported. */
|
||||
SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
|
||||
@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
|
||||
time_t t = time(NULL);
|
||||
struct smbXsrv_connection *xconn = req->xconn;
|
||||
uint16_t raw;
|
||||
+ NTSTATUS status;
|
||||
+
|
||||
if (lp_async_smb_echo_handler()) {
|
||||
raw = 0;
|
||||
} else {
|
||||
@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
|
||||
SSVAL(req->outbuf,smb_vwv11, 8);
|
||||
}
|
||||
|
||||
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
|
||||
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
|
||||
+ if (!NT_STATUS_IS_OK(status)) {
|
||||
+ reply_nterror(req, status);
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
/* Reply, SMBlockread, SMBwritelock supported. */
|
||||
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
|
||||
@@ -260,6 +272,7 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
|
||||
struct smbXsrv_connection *xconn = req->xconn;
|
||||
bool signing_desired = false;
|
||||
bool signing_required = false;
|
||||
+ NTSTATUS status;
|
||||
|
||||
xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
|
||||
|
||||
@@ -337,7 +350,11 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
|
||||
SSVAL(req->outbuf,smb_vwv0,choice);
|
||||
SCVAL(req->outbuf,smb_vwv1,secword);
|
||||
|
||||
- smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
|
||||
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
|
||||
+ if (!NT_STATUS_IS_OK(status)) {
|
||||
+ reply_nterror(req, status);
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
|
||||
SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
|
||||
--
|
||||
2.16.2
|
||||
|
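Review bot: reply_lanman1(), reply_lanman2() and reply_nt1() stay `void`, so after `reply_nterror(req, status); return;` the negprot dispatcher (outside these hunks) cannot tell that smbXsrv_connection_init_tables() failed. If the dispatcher then treats the protocol as selected, the connection presumably remains at PROTOCOL_NONE with no session table. A client that ignores the error reply and sends a session setup could still reach the NULL dereference shown in the backtrace. Consider returning `NTSTATUS` from the three handlers and having the caller close the connection on failure. A log line before the error reply, such as `DBG_ERR("smbXsrv_connection_init_tables failed: %s\n", nt_errstr(status));`, would also record the cause, which is currently reported only to the client.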
@ -0,0 +1,33 @@ |
||||
From 8fb23665ddad8f65a6461c310ed5680d104fd9bf Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@samba.org>
|
||||
Date: Tue, 17 Apr 2018 08:55:23 +0200
|
||||
Subject: [PATCH] s3:passdb: Do not return OK if we don't have pinfo set up
|
||||
|
||||
This prevents a crash in fill_mem_keytab_from_secrets()
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
||||
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
||||
|
||||
(cherry picked from commit 99859479fc6e12b2f74ce2dfa83da56d8b8f3d26)
|
||||
---
|
||||
source3/passdb/machine_account_secrets.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
|
||||
index 75f31cb04e2..d36fa268a4b 100644
|
||||
--- a/source3/passdb/machine_account_secrets.c
|
||||
+++ b/source3/passdb/machine_account_secrets.c
|
||||
@@ -1317,7 +1317,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
|
||||
|
||||
last_set_time = secrets_fetch_pass_last_set_time(domain);
|
||||
if (last_set_time == 0) {
|
||||
- return NT_STATUS_OK;
|
||||
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||
}
|
||||
unix_to_nt_time(&last_set_nt, last_set_time);
|
||||
|
||||
--
|
||||
2.16.3
|
||||
|
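Review bot: The `last_set_time == 0` branch now returns `NT_STATUS_CANT_ACCESS_DOMAIN_INFO`, but it has no comment and no log line, so the reason a zero timestamp is treated as a failure is invisible to readers and operators. A comment such as `/* No last-set time, presumably no machine password stored: fail so callers never get OK with *pinfo unset. */` and a `DBG_ERR("no password last-set time for domain[%s]\n", domain);` before the return would document the contract the subject line describes. The rest of secrets_fetch_or_upgrade_domain_info() and its callers are outside the hunk. Callers that relied on the old OK result for a host without stored secrets should be checked to confirm they handle the new status.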
@ -0,0 +1,130 @@ |
||||
From 2f6d1b8b5a1643082d93f338b0528b861caeff80 Mon Sep 17 00:00:00 2001
|
||||
From: Volker Lendecke <vl@samba.org>
|
||||
Date: Wed, 11 Apr 2018 10:42:21 +0200
|
||||
Subject: [PATCH] rpc_server: Init local_server_* in
|
||||
make_internal_rpc_pipe_socketpair
|
||||
|
||||
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13370
|
||||
Signed-off-by: Volker Lendecke <vl@samba.org>
|
||||
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
||||
|
||||
Autobuild-User(master): Volker Lendecke <vl@samba.org>
|
||||
Autobuild-Date(master): Wed Apr 11 15:19:19 CEST 2018 on sn-devel-144
|
||||
|
||||
(cherry picked from commit 212815969f4a706bc8395e2f6dbf225318ff2ad7)
|
||||
---
|
||||
source3/rpc_server/rpc_ncacn_np.c | 31 +++++++++++++++++++++++--------
|
||||
source3/rpc_server/rpc_ncacn_np.h | 18 ++++++++++--------
|
||||
source3/rpc_server/srv_pipe_hnd.c | 18 ++++++++++--------
|
||||
3 files changed, 43 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
|
||||
index 0728f54b092..d7e7785248d 100644
|
||||
--- a/source3/rpc_server/rpc_ncacn_np.c
|
||||
+++ b/source3/rpc_server/rpc_ncacn_np.c
|
||||
@@ -69,14 +69,16 @@ fail:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
|
||||
- struct tevent_context *ev_ctx,
|
||||
- struct messaging_context *msg_ctx,
|
||||
- const char *pipe_name,
|
||||
- const struct ndr_syntax_id *syntax,
|
||||
- const struct tsocket_address *remote_address,
|
||||
- const struct auth_session_info *session_info,
|
||||
- struct npa_state **pnpa)
|
||||
+NTSTATUS make_internal_rpc_pipe_socketpair(
|
||||
+ TALLOC_CTX *mem_ctx,
|
||||
+ struct tevent_context *ev_ctx,
|
||||
+ struct messaging_context *msg_ctx,
|
||||
+ const char *pipe_name,
|
||||
+ const struct ndr_syntax_id *syntax,
|
||||
+ const struct tsocket_address *remote_address,
|
||||
+ const struct tsocket_address *local_address,
|
||||
+ const struct auth_session_info *session_info,
|
||||
+ struct npa_state **pnpa)
|
||||
{
|
||||
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
||||
struct named_pipe_client *npc;
|
||||
@@ -136,6 +138,19 @@ NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ npc->local_server_addr = tsocket_address_copy(local_address, npc);
|
||||
+ if (npc->local_server_addr == NULL) {
|
||||
+ status = NT_STATUS_NO_MEMORY;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ npc->local_server_name = tsocket_address_inet_addr_string(
|
||||
+ npc->local_server_addr, npc);
|
||||
+ if (npc->local_server_name == NULL) {
|
||||
+ status = NT_STATUS_NO_MEMORY;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
npc->session_info = copy_session_info(npc, session_info);
|
||||
if (npc->session_info == NULL) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
diff --git a/source3/rpc_server/rpc_ncacn_np.h b/source3/rpc_server/rpc_ncacn_np.h
|
||||
index 03bbd3f8af9..9ba58644ec0 100644
|
||||
--- a/source3/rpc_server/rpc_ncacn_np.h
|
||||
+++ b/source3/rpc_server/rpc_ncacn_np.h
|
||||
@@ -44,14 +44,16 @@ NTSTATUS make_external_rpc_pipe(TALLOC_CTX *mem_ctx,
|
||||
const struct auth_session_info *session_info,
|
||||
struct npa_state **pnpa);
|
||||
|
||||
-NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
|
||||
- struct tevent_context *ev_ctx,
|
||||
- struct messaging_context *msg_ctx,
|
||||
- const char *pipe_name,
|
||||
- const struct ndr_syntax_id *syntax,
|
||||
- const struct tsocket_address *remote_address,
|
||||
- const struct auth_session_info *session_info,
|
||||
- struct npa_state **pnpa);
|
||||
+NTSTATUS make_internal_rpc_pipe_socketpair(
|
||||
+ TALLOC_CTX *mem_ctx,
|
||||
+ struct tevent_context *ev_ctx,
|
||||
+ struct messaging_context *msg_ctx,
|
||||
+ const char *pipe_name,
|
||||
+ const struct ndr_syntax_id *syntax,
|
||||
+ const struct tsocket_address *remote_address,
|
||||
+ const struct tsocket_address *local_address,
|
||||
+ const struct auth_session_info *session_info,
|
||||
+ struct npa_state **pnpa);
|
||||
|
||||
struct np_proxy_state {
|
||||
uint16_t file_type;
|
||||
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
|
||||
index f9b7855b40f..baa4ce96334 100644
|
||||
--- a/source3/rpc_server/srv_pipe_hnd.c
|
||||
+++ b/source3/rpc_server/srv_pipe_hnd.c
|
||||
@@ -106,14 +106,16 @@ NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name,
|
||||
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
}
|
||||
|
||||
- status = make_internal_rpc_pipe_socketpair(handle,
|
||||
- ev_ctx,
|
||||
- msg_ctx,
|
||||
- name,
|
||||
- &syntax,
|
||||
- remote_client_address,
|
||||
- session_info,
|
||||
- &npa);
|
||||
+ status = make_internal_rpc_pipe_socketpair(
|
||||
+ handle,
|
||||
+ ev_ctx,
|
||||
+ msg_ctx,
|
||||
+ name,
|
||||
+ &syntax,
|
||||
+ remote_client_address,
|
||||
+ local_server_address,
|
||||
+ session_info,
|
||||
+ &npa);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
talloc_free(handle);
|
||||
return status;
|
||||
--
|
||||
2.11.0
|
||||
|
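Review bot: In make_internal_rpc_pipe_socketpair() the new `tsocket_address_copy(local_address, npc)` call uses `local_address` without checking it. The only caller visible here, np_open(), forwards `local_server_address` from its own caller, so a NULL would presumably be dereferenced inside the copy. A guard before the copy, such as `if (local_address == NULL) { status = NT_STATUS_INVALID_PARAMETER; goto out; }`, would turn that into a clean error. Separately, a NULL from `tsocket_address_inet_addr_string()` is reported as `NT_STATUS_NO_MEMORY`. That call can presumably also fail for a non-inet address, so mapping `errno` (for example with `map_nt_error_from_unix(errno)`) would avoid a misleading status. The body of the function continues outside both hunks.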
File diff suppressed because it is too large