| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Bo Yang <boyang@samba.org>
(cherry picked from commit 8c8bb51de1ac2baa46ac0736fae12c034288e5d4)
Fix bug #7206 (duplicate signal handler, signals are processed twice in child
process).
(cherry picked from commit e41d9e75084170fa41a9e313fa79bf351f879840)
|
|
|
|
|
|
|
|
| |
Sync's tevent signal code with 3.5.x tree.
Protects against ev pointer being NULL.
Jeremy
(cherry picked from commit 56290654c0c2056c31e0b348ba0d01e5c28ba89b)
|
|
|
|
|
|
| |
metze
(cherry picked from commit d13dfbeb6c6ab5b20277439da5b95f1a7f2850eb)
(cherry picked from commit 017586bb84a073f03a04ade6fb0bbe26af4112c1)
|
|
|
|
|
|
|
| |
The code was always doubling microseconds when attempting to round up.
Fix bug #6764.
(cherry picked from commit 7f8e6b98822df2ea813e6a7da6a8f14c503935d9)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 1bb68402a2e37f39118eaaaa039ac69e03ba66f2)
(cherry picked from commit a9890fb49d2372edbf2050134bb21450d98ff7f6)
|
|
|
|
|
|
| |
SA_INFO_QUEUE_COUNT *MUST* be a power of 2, in order for the ring buffer wrap to work correctly at the 32 bit boundary. Thanks to Petr Vandrovec <petr@vandrovec.name> for this. (cherry picked from commit c97698e762b1ea8d7133f04ae822225676a6f135)
(cherry picked from commit 161e20843054ecc5745e967da2a9d08ed09229d0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the first signal arrives, tevent_common_signal_handler() crashed: "ev" is
initialized to NULL, so the first "write(ev->pipe_fds[1], &c, 1);" dereferences
NULL.
Rusty, Tridge, please check. Also, can you tell me a bit more about the
environment you tested this in? I'd be curious to see where this survived.
Thanks,
Volker
(cherry picked from commit 23abcd2318c69753aa2a144e1dc0f9cf9efdb705)
(cherry picked from commit 1108225c1316521bf2bb59c9b99b030440af0002)
|
|
|
|
|
|
|
|
|
| |
The "hack_fds" were never closed before; now they're inside event_context
they should be closed when that is destroyed.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit 76d91156c82e20bbd68c752376cb814d71759033)
(cherry picked from commit 5cc105ac513164d66d4661a41d1daa99f28ab928)
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't know if this is a problem in real life.
The code assumes there's only one tevent_context; all signals will notify
the first event context. That's counter-intuitive if you ever use more
than one, and there's nothing else in this code which prevents it AFAICT.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit be4ac227842530d484659f2db683453366326d8b)
(cherry picked from commit 792ab5c34a20bd2b292b642dc96cae62e5ad1ce0)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We carefully preserve the old signal handler, but we replace it before
we've set up everything; in particular, if we fail setting up the
pipe_hack we could write a NUL char to stdout (fd 0), instead of
calling the old signal handler.
Replace the signal handler as the very last thing we do.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit 6abb637e3e0d23635fdbbb91c163731b325d696d)
(cherry picked from commit bd28ae54a635667096e4a0d1010a1c3cce59712f)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To be completely honest, I don't quite know whether to laugh or cry at
this one:
1 + (0xFFFFFFFF & ~(s.seen - s.count))
== 1 + (~(s.seen - s.count)) # s.seen, s.count are uint32_t
== s.count - s.seen # -A == ~A + 1
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked from commit 4279879c9847ca069527e11ca934b8906009cad8)
(cherry picked from commit fdcc157d51cce8561df37fa9eed39332772bacb9)
|
|
|
|
|
|
| |
Guenther
(cherry picked from commit 965a079535bd11a7870d45991a0d0628d6579b3b)
(cherry picked from commit c78d2a86f7410b6e09d0c326233e06f09dfc6ddb)
|
|
|
|
|
|
| |
submitted by Petr Vandrovec <petr@vandrovec.name>. Multiple pending signals with siginfo_t's weren't being handled correctly leading to smbd abort with kernel oplock signals. Jeremy (cherry picked from commit ba52f18bfecfd7b0ba22c4ad9e9b5bfd18f34c93)
(cherry picked from commit 4c63af17eda7e22fd6c258524204a44879006db7)
|
|
|
|
|
|
| |
Michael
(cherry picked from commit 5270efab1a8dd06158aa45467958939b677e4b7b)
(cherry picked from commit 1157ff3353b528d285f456d8e946d98bf202a560)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 97a1ed53ca4255ac7fc5643292019ad30c276de5)
(cherry picked from commit 6e8becce900e7686dcd81307722105d175103c06)
|
|
|
|
|
|
|
|
|
| |
This offers a generic way for callers to cancel an
async request.
metze
(cherry picked from commit 45e4be0d96abdc729252df1e97bb9a56302e5a4a)
(cherry picked from commit 0a14a3daa8c1f6d402865b8b1f24d91c64085176)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 95c3d3b5d8fdc05f20c826a48312f1230f036029)
(cherry picked from commit f6d54b0db737f3474820b491488c68de41e8e659)
|
|
|
|
|
|
|
|
| |
defined
metze
(cherry picked from commit 39684d2cbe1c8c69dc9ca5c6e05861e24091bb83)
(cherry picked from commit 80d62cc788211cf2783e315359f832a95b88cdc5)
|
|
|
|
|
|
| |
from commit 5927ca7067a0ead65c00042a62545b0d940f2b2a)
(cherry picked from commit 5a66d5776923647169ab2ae816f6a632b0f4e8aa)
|
|
|
|
|
|
| |
it's zeroed out. Vl & Metze please check. Jeremy. (cherry picked from commit 7be1d727a31b34debbcf8faa1e0bea911112d145)
(cherry picked from commit 620dde3a0fa246ebac35e64f1a99f56415b15e97)
|
|
|
|
|
|
| |
7119241c0d12768b31ebdb489aa0bbba6ca21e40)
(cherry picked from commit be0191b0c416f2fbf03d2cdb0a5ea3e8ce3d58e9)
|
|
|
|
|
|
|
|
|
| |
move publicly needed structures and functions in the public header.
Stop installing internal headers.
Update the signature and exports files with the new exposed
function.
(cherry picked from commit 30b2014a01b31d66dd76e0562c5d769dfacf167b)
(cherry picked from commit 3ee857b058780fd3df915d8dab3e7d4ede682ce8)
|
|
|
|
|
|
|
|
| |
This reverts commit b112cc5503350b248949bdbcce8072f5523ce877.
tevent_util.h is a private header. Must not be installed.
(cherry picked from commit c92505817d6453c100ed52c9c3ab289f5589ce25)
(cherry picked from commit 1e460e95956e9c1352ad9879ed2a9833b96b8746)
|
|
|
|
|
|
|
|
|
| |
Patch for bug #6270
This patch is for the future when samba4 builds using external libraries. With
this patch, tevent now installs tevent_util.h which is required by samba4.
(cherry picked from commit b112cc5503350b248949bdbcce8072f5523ce877)
(cherry picked from commit 6c002a988bd37cc04b488d78c910540b19cac88e)
|
|
|
|
|
|
|
|
|
|
| |
This is a first attempt at exporting symbols only for public functions
We also provide a rudimentary ABI checker that tries to check that
function signatures are not changed by mistake.
Given our use of macros this is not an API checker.
It's all based on tevent.h contents and the gcc -aux-info option
(cherry picked from commit efccef09aec93180a06955b5e03f1ceb99dc39e8)
(cherry picked from commit 5543fc2599b3ec7e3a676f95d8283d0f55113ec5)
|
|
|
|
|
|
| |
commit d0aedeb46e5d2da582b5c030114186f8d755b528)
(cherry picked from commit 000d2835d78b6beb6db573a1946346e01de2ff7d)
|
|
|
|
|
|
|
| |
This is necessary for requests that have multiple results. Examples would be
SMBEcho and ldap_search.
(cherry picked from commit c6f39b46a7b0505331612a1bee15a82f97009f0d)
(cherry picked from commit 8d988b165d373d074b8be321bcc9c20a8e85a6fc)
|
|
|
|
|
|
|
| |
targets
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>(cherry picked from commit cf9636ea99bb5063a8c7d771c1e29f684b4b753a)
(cherry picked from commit d0ab357d3bae114bda2d678049e89272614da713)
|
|
|
|
|
|
| |
released versions of talloc. (cherry picked from commit 72b744f38ebb9f9576c05c7bb0a00de26697ec8f)
(cherry picked from commit ce80afbe3ad7534d659109e60874540531738aaf)
|
|
|
|
|
|
|
|
|
|
|
| |
This module didn't have any functionality that we actually used yet, and
it was quite small.
Tevent is quite low level and perhaps doesn't make much sense to expose
directly as a Python module. It was also causing build problems when used with a
system-tevent. We can always back later if necessary.
(cherry picked from commit 5065cf70f8bf41193d6d33413f2285f62bba0502)
(cherry picked from commit 1d0e302bc49c77542fa39a18d995268e8685d141)
|
|
|
|
|
|
|
| |
This is not ideal, but at least it fixes the build of samba-gtk for now.
I've also added a warning about API guarantees at the top of the header.
(cherry picked from commit 857c3f8322005efd460c2f516a9486a2de059e9f)
(cherry picked from commit 30acc30ce5c01a30a96a6ce80ab99576574d8196)
|
|
|
|
|
|
| |
6230eb94af2305f479db3b76479a0dc841c3d1d5)
(cherry picked from commit c20026a9afe1527f6442e8eedf669d199d8cdb26)
|
|
|
|
|
|
| |
(from Samba). (cherry picked from commit 06864b4469f5f3d77637f8e6c97ec0558289cd29)
(cherry picked from commit 49c97fb7a1bc49b160677fc7fae69b05bd6161a4)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 6f7cd213dd38e770224cf131054862b76069aed8)
(cherry picked from commit 915a516da4ef536d09075e14959cfa7e866f7e7b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only tevent_loop_once and tevent_loop_until() should care
about the nesting level.
This fixes the samba3 printing code where we use tevent_loop_wait()
and don't allow nested events.
We still call the nesting hook for all levels, we need to decide
if we really want this...
metze
(cherry picked from commit 36e7045340bbc7d6567008bdd87c4cdf717835bd)
(cherry picked from commit 01a4ec433627fe36c9eef7a8f1a7f45b86eb8262)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The event nesting code never triggered as nesting.level was never
greater than 1. The main event loop needs to increase the nesting
level by 1.
I also added a paranoia check to the nesting setup call. The API as
currently written cannot support multiple nesting hooks, so we need to
abort if multiple hooks are tried.
(cherry picked from commit 13b6663e23a424473d14324ac229a21e1e90580a)
(cherry picked from commit 6e968a6f12de83be431e6244c34bb3cecf52ee42)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 7d07266ca26f7069269601043b713a91f1a4693c)
(cherry picked from commit c0a0f504e1477648542aae27b8a58d4db4867d84)
|
|
|
|
|
|
|
|
|
|
|
| |
This is very useful to find bugs.
You can use 'p *req' in gdb to show where
tevent_req_done(), tevent_req_error() or tevent_req_nomem()
was called.
metze
(cherry picked from commit 9eaf53d98eced9ea70f411b9936b475c42e4d490)
(cherry picked from commit 8053941b377d3fd2e58e67f68eecb2551be49c10)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 3a831e46204979550dc6ee7652cea6b8296f10c1)
(cherry picked from commit 7fcb16a79681a24ca3b96ec73bc44b43e57c3c8f)
|
|
|
|
|
|
|
|
| |
Now tevent_req_post() never fails
metze
(cherry picked from commit 4bdf299385220988a4fe16f82aab528283204c7f)
(cherry picked from commit d88a254c5d2fbdda642d469924411d4d6d5f8422)
|
|
|
|
|
|
| |
metze
(cherry picked from commit a78cd2a24b818bc7d843a8e56ffaafc9f6578662)
(cherry picked from commit 54af7b9da45dcef881d9fee7c414d363ca6cdab4)
|
|
|
|
|
|
|
|
|
|
| |
They're like directly triggered timed events,
but you can preallocated them and scheduling them
will not fail.
metze
(cherry picked from commit 66886f8966dff8a980a5b9d2daa3fbb20fe5ca8e)
(cherry picked from commit de7125980d237e9a8aa126f155bbc84c96bad37e)
|
|
|
|
|
|
|
|
|
| |
tevent_loop_wait should do the same for all backends.
It should loop as long as we have pending events.
metze
(cherry picked from commit 940e61846e97ba62153d5b977b0823f196607743)
(cherry picked from commit c742112da583809f47e40f2e4b48713d2e81edda)
|
|
|
|
|
|
|
|
|
| |
We also check for signal events directly before and after
the select/epoll calls.
metze
(cherry picked from commit 0139befb915006d6ec9fec2734057c5c50b3c383)
(cherry picked from commit c0bc27fc57260191e35464b63e114163d291d4da)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the logic much simpler for the callers,
and matches the samba3 behavior.
If needed we can add performance tunning for tevent_loop_wait()
later.
metze
(cherry picked from commit 3af7db3dce0e5529114f6969e9905c6d4c65dfe8)
(cherry picked from commit 1eb7ad106499865713c28847f491aae10f37beb7)
|
|
|
|
|
|
| |
metze
(cherry picked from commit 868f3f5f32eccdf68590cdfc5c42e1af970410d7)
(cherry picked from commit 868cc328b189144c49901692206534c9b2729fbd)
|
| |
|
|
|
|
|
|
|
| |
This is only a hack for samba4 and should not be used
in new code.
metze
|
|
|
|
|
|
|
| |
This is an ugly hack to let the s4 server work arround
some bugs related to nested events and uid changing.
metze
|