rpms/samba
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix winexe core dump

Browse Source 
resolves: #2020376

Guenther
This commit is contained in:
Günther Deschner 2021-11-05 15:00:31 +01:00
parent 331ea7c567
commit 3c2c163325
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
samba-4.15.1-winexe.patch Normal file
View File

@ -0,0 +1,61 @@
From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 4 Nov 2021 22:22:44 +0100
Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218)
---
examples/winexe/winexe.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 3e0813a4091..59fb9dbdebb 100644
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[],
*port_str = '\0';
}
- poptFreeContext(pc);
-
if (options->runas == NULL && options->runas_file != NULL) {
struct cli_credentials *runas_cred;
const char *user;
@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[],
options->credentials = samba_cmdline_get_creds();
- options->hostname = argv_new[0] + 2;
+ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2);
+ if (options->hostname == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
options->port = port;
- options->cmd = argv_new[1];
+ options->cmd = talloc_strdup(mem_ctx, argv_new[1]);
+ if (options->cmd == NULL) {
+ DBG_ERR("Out of memory\n");
+ exit(1);
+ }
+
+ poptFreeContext(pc);
options->flags = flag_interactive;
if (flag_reinstall) {
--
2.33.1

7
samba.spec
View File

@ -129,7 +129,7 @@
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%global baserelease 0 %global baserelease 1
%global samba_version 4.15.1 %global samba_version 4.15.1
%global talloc_version 2.3.3 %global talloc_version 2.3.3
@ -200,6 +200,7 @@ Source201: README.downgrade
Patch0: samba-s4u.patch Patch0: samba-s4u.patch
Patch1: samba-ctdb-etcd-reclock.patch Patch1: samba-ctdb-etcd-reclock.patch
Patch2: samba-4.15.1-winexe.patch
Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/groupadd
Requires(post): systemd Requires(post): systemd
@ -4079,6 +4080,10 @@ fi
%endif %endif
%changelog %changelog
* Fri Nov 05 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.1-1
- Fix winexe core dump
- resolves: #2020376
* Wed Oct 27 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.1-0 * Wed Oct 27 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.1-0
- Update to Samba 4.15.1 - Update to Samba 4.15.1
- resolves: #2017847 - resolves: #2017847