diff options
| author | Ira Cooper <ira@wakeful.net> | 2012-01-29 20:36:05 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2012-01-29 20:40:43 +0100 |
| commit | 71e7cdcce26c1ed7504760a94cf51e79b2ec570c (patch) | |
| tree | 7872d5d2bb21c14b5b784ae6ff0c41160c1839f5 | |
| parent | 3f117d2bcf33913e7cc3e4b0e01ac98f649fa078 (diff) | |
| download | samba-71e7cdcce26c1ed7504760a94cf51e79b2ec570c.tar.gz | |
s3-smbd: Fix bug #8724.samba-3.6.3
Fix bug #8724 - Memory leak in parent smbd on connection.
This is CVE-2012-0817.
Patch have been created by Ira Cooper <ira@wakeful.net> and
Jeremy Allison <jra@samba.org>.
(cherry picked from commit 964620240c83024bea8bbce0bc282b0851513808)
| -rw-r--r-- | source3/lib/substitute.c | 9 | ||||
| -rw-r--r-- | source3/smbd/server.c | 6 |
2 files changed, 13 insertions, 2 deletions
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index e72a8c3b616..68328e566b0 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -195,7 +195,7 @@ void sub_set_smb_name(const char *name) } static char sub_peeraddr[INET6_ADDRSTRLEN]; -static const char *sub_peername = ""; +static const char *sub_peername = NULL; static char sub_sockaddr[INET6_ADDRSTRLEN]; void sub_set_socket_ids(const char *peeraddr, const char *peername, @@ -208,6 +208,11 @@ void sub_set_socket_ids(const char *peeraddr, const char *peername, } strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr)); + if (sub_peername != NULL && + sub_peername != sub_peeraddr) { + free(discard_const_p(char,sub_peername)); + sub_peername = NULL; + } sub_peername = SMB_STRDUP(peername); if (sub_peername == NULL) { sub_peername = sub_peeraddr; @@ -646,7 +651,7 @@ static char *alloc_sub_basic(const char *smb_name, const char *domain_name, break; case 'M' : a_string = realloc_string_sub(a_string, "%M", - sub_peername); + sub_peername ? sub_peername : ""); break; case 'R' : a_string = realloc_string_sub(a_string, "%R", remote_proto); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 8ac0511f477..db68ace839d 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -64,6 +64,12 @@ static void smbd_set_server_fd(int fd) * name, default to its address. */ + if (sconn->client_id.name != NULL && + sconn->client_id.name != sconn->client_id.addr) { + talloc_free(discard_const_p(char, sconn->client_id.name)); + sconn->client_id.name = NULL; + } + client_addr(fd, sconn->client_id.addr, sizeof(sconn->client_id.addr)); name = client_name(sconn->sock); |