rpms/samba
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Revert OL changes

Browse Source
This commit is contained in:
eabdullin 2025-05-07 18:10:27 +03:00
parent 338a40afad
commit e22a3a3f04
2 changed files with 1 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
SOURCES/102-orabug36566309-s3-winbindd-winbindd_pam-fix-leak-in-extract_pac_vrfy_sigs.patch
View File

@ -1,80 +0,0 @@
From 48493735e2d2091740fe784cf07a4258dfc0b512 Mon Sep 17 00:00:00 2001
From: Shaleen Bathla <shaleen.bathla@oracle.com>
Date: Wed, 10 Apr 2024 18:31:39 +0530
Subject: [PATCH] s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs
Add missing free for entry variable and its members : key and principal
Found definite memory leaks via valgrind as shown below.
Leak 1 :
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686== by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
==1686== by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686== by 0x127F45: process_request_send (winbindd.c:502)
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686== by 0x1232F3: main (winbindd.c:1718)
Leak 2 :
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686== by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
==1686== by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686== by 0x127F45: process_request_send (winbindd.c:502)
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686== by 0x1232F3: main (winbindd.c:1718)
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224
Orabug: 36566309
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com>
---
source3/winbindd/winbindd_pam.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 6c890c8acd5..e7d64189b7e 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -3433,12 +3433,17 @@ static NTSTATUS extract_pac_vrfy_sigs(TALLOC_CTX *mem_ctx, DATA_BLOB pac_blob,
NULL, /* client_principal */
0, /* tgs_authtime */
p_pac_data);
+ (void)smb_krb5_kt_free_entry(krbctx, &entry);
if (NT_STATUS_IS_OK(status)) {
break;
}
- k5ret = smb_krb5_kt_free_entry(krbctx, &entry);
k5ret = krb5_kt_next_entry(krbctx, keytab, &entry, &cursor);
}
+ if (k5ret != 0 && k5ret != KRB5_KT_END) {
+ DEBUG(1, ("Failed to get next entry: %s\n",
+ error_message(k5ret)));
+ (void)smb_krb5_kt_free_entry(krbctx, &entry);
+ }
k5ret = krb5_kt_end_seq_get(krbctx, keytab, &cursor);
if (k5ret) {

8
SPECS/samba.spec
View File

@ -205,7 +205,7 @@
Name: samba Name: samba
Version: %{samba_version} Version: %{samba_version}
Release: %{samba_release}.0.1%{?dist}.1 Release: %{samba_release}%{?dist}.1
%if 0%{?fedora} %if 0%{?fedora}
Epoch: 2 Epoch: 2
@ -248,9 +248,6 @@ Source202: samba.abignore
Patch0: redhat-4.20.2.patch Patch0: redhat-4.20.2.patch
# Oracle Patches
Patch102: 102-orabug36566309-s3-winbindd-winbindd_pam-fix-leak-in-extract_pac_vrfy_sigs.patch
Requires(pre): %{name}-common = %{samba_depver} Requires(pre): %{name}-common = %{samba_depver}
Requires: %{name}-common = %{samba_depver} Requires: %{name}-common = %{samba_depver}
Requires: %{name}-common-libs = %{samba_depver} Requires: %{name}-common-libs = %{samba_depver}
@ -4613,9 +4610,6 @@ fi
%endif %endif
%changelog %changelog
* Tue May 06 2025 EL Errata <el-errata_ww@oracle.com> - 4.20.2-2.0.1.1
- s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs [Orabug: 36566309]
* Fri Apr 11 2025 Pavel Filipenský <pfilipen@redhat.com> - 4.20.2-2.1 * Fri Apr 11 2025 Pavel Filipenský <pfilipen@redhat.com> - 4.20.2-2.1
- resolves: RHEL-85347 - Fix winbind memory leak - resolves: RHEL-85347 - Fix winbind memory leak