|
 |
801d0a |
From 41794e74876f3cba648b18b3f4bdedac9717061e Mon Sep 17 00:00:00 2001
|
|
|
801d0a |
From: Jeremy Allison <jra@samba.org>
|
|
|
801d0a |
Date: Thu, 23 May 2019 13:33:21 -0700
|
|
|
801d0a |
Subject: [PATCH] s3: winbind: Fix crash when invoking winbind idmap scripts.
|
|
|
801d0a |
|
|
|
801d0a |
Previously the private context was caching a pointer to
|
|
|
801d0a |
a string returned from lp_XXX(). This string can change
|
|
|
801d0a |
on config file reload. Ensure the string is talloc_strup'ed
|
|
|
801d0a |
onto the owning context instead.
|
|
|
801d0a |
|
|
|
801d0a |
Reported by Heinrich Mislik <Heinrich.Mislik@univie.ac.at>
|
|
|
801d0a |
|
|
|
801d0a |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13956
|
|
|
801d0a |
|
|
|
801d0a |
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
|
801d0a |
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
|
801d0a |
(cherry picked from commit a1f95ba5db6fc017fad35377fbf76c048f2dd8ab)
|
|
|
801d0a |
---
|
|
|
801d0a |
source3/winbindd/idmap_script.c | 20 ++++++++++++++++----
|
|
|
801d0a |
source3/winbindd/idmap_tdb2.c | 22 +++++++++++++++++-----
|
|
|
801d0a |
2 files changed, 33 insertions(+), 9 deletions(-)
|
|
|
801d0a |
|
|
|
801d0a |
diff --git a/source3/winbindd/idmap_script.c b/source3/winbindd/idmap_script.c
|
|
|
801d0a |
index 7ad6b806fb8..f382f896b35 100644
|
|
|
801d0a |
--- a/source3/winbindd/idmap_script.c
|
|
|
801d0a |
+++ b/source3/winbindd/idmap_script.c
|
|
|
801d0a |
@@ -615,6 +615,7 @@ static NTSTATUS idmap_script_db_init(struct idmap_domain *dom)
|
|
|
801d0a |
NTSTATUS ret;
|
|
|
801d0a |
struct idmap_script_context *ctx;
|
|
|
801d0a |
const char * idmap_script = NULL;
|
|
|
801d0a |
+ const char *ctx_script = NULL;
|
|
|
801d0a |
|
|
|
801d0a |
DEBUG(10, ("%s called ...\n", __func__));
|
|
|
801d0a |
|
|
|
801d0a |
@@ -625,7 +626,7 @@ static NTSTATUS idmap_script_db_init(struct idmap_domain *dom)
|
|
|
801d0a |
goto failed;
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
- ctx->script = idmap_config_const_string(dom->name, "script", NULL);
|
|
|
801d0a |
+ ctx_script = idmap_config_const_string(dom->name, "script", NULL);
|
|
|
801d0a |
|
|
|
801d0a |
/* Do we even need to handle this? */
|
|
|
801d0a |
idmap_script = lp_parm_const_string(-1, "idmap", "script", NULL);
|
|
|
801d0a |
@@ -634,13 +635,24 @@ static NTSTATUS idmap_script_db_init(struct idmap_domain *dom)
|
|
|
801d0a |
" Please use 'idmap config * : script' instead!\n"));
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
- if (strequal(dom->name, "*") && ctx->script == NULL) {
|
|
|
801d0a |
+ if (strequal(dom->name, "*") && ctx_script == NULL) {
|
|
|
801d0a |
/* fall back to idmap:script for backwards compatibility */
|
|
|
801d0a |
- ctx->script = idmap_script;
|
|
|
801d0a |
+ ctx_script = idmap_script;
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
- if (ctx->script) {
|
|
|
801d0a |
+ if (ctx_script) {
|
|
|
801d0a |
DEBUG(1, ("using idmap script '%s'\n", ctx->script));
|
|
|
801d0a |
+ /*
|
|
|
801d0a |
+ * We must ensure this memory is owned by ctx.
|
|
|
801d0a |
+ * The ctx_script const pointer is a pointer into
|
|
|
801d0a |
+ * the config file data and may become invalid
|
|
|
801d0a |
+ * on config file reload. BUG: 13956
|
|
|
801d0a |
+ */
|
|
|
801d0a |
+ ctx->script = talloc_strdup(ctx, ctx_script);
|
|
|
801d0a |
+ if (ctx->script == NULL) {
|
|
|
801d0a |
+ ret = NT_STATUS_NO_MEMORY;
|
|
|
801d0a |
+ goto failed;
|
|
|
801d0a |
+ }
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
dom->private_data = ctx;
|
|
|
801d0a |
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
|
|
|
801d0a |
index b784546bb33..eceab9c0784 100644
|
|
|
801d0a |
--- a/source3/winbindd/idmap_tdb2.c
|
|
|
801d0a |
+++ b/source3/winbindd/idmap_tdb2.c
|
|
|
801d0a |
@@ -522,6 +522,7 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
|
|
|
801d0a |
struct idmap_tdb_common_context *commonctx;
|
|
|
801d0a |
struct idmap_tdb2_context *ctx;
|
|
|
801d0a |
const char * idmap_script = NULL;
|
|
|
801d0a |
+ const char *ctx_script = NULL;
|
|
|
801d0a |
|
|
|
801d0a |
commonctx = talloc_zero(dom, struct idmap_tdb_common_context);
|
|
|
801d0a |
if(!commonctx) {
|
|
|
801d0a |
@@ -543,7 +544,7 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
|
|
|
801d0a |
goto failed;
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
- ctx->script = idmap_config_const_string(dom->name, "script", NULL);
|
|
|
801d0a |
+ ctx_script = idmap_config_const_string(dom->name, "script", NULL);
|
|
|
801d0a |
|
|
|
801d0a |
idmap_script = lp_parm_const_string(-1, "idmap", "script", NULL);
|
|
|
801d0a |
if (idmap_script != NULL) {
|
|
|
801d0a |
@@ -551,13 +552,24 @@ static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
|
|
|
801d0a |
" Please use 'idmap config * : script' instead!\n"));
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
- if (strequal(dom->name, "*") && ctx->script == NULL) {
|
|
|
801d0a |
+ if (strequal(dom->name, "*") && ctx_script == NULL) {
|
|
|
801d0a |
/* fall back to idmap:script for backwards compatibility */
|
|
|
801d0a |
- ctx->script = idmap_script;
|
|
|
801d0a |
+ ctx_script = idmap_script;
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
- if (ctx->script) {
|
|
|
801d0a |
- DEBUG(1, ("using idmap script '%s'\n", ctx->script));
|
|
|
801d0a |
+ if (ctx_script) {
|
|
|
801d0a |
+ DEBUG(1, ("using idmap script '%s'\n", ctx_script));
|
|
|
801d0a |
+ /*
|
|
|
801d0a |
+ * We must ensure this memory is owned by ctx.
|
|
|
801d0a |
+ * The ctx_script const pointer is a pointer into
|
|
|
801d0a |
+ * the config file data and may become invalid
|
|
|
801d0a |
+ * on config file reload. BUG: 13956
|
|
|
801d0a |
+ */
|
|
|
801d0a |
+ ctx->script = talloc_strdup(ctx, ctx_script);
|
|
|
801d0a |
+ if (ctx->script == NULL) {
|
|
|
801d0a |
+ ret = NT_STATUS_NO_MEMORY;
|
|
|
801d0a |
+ goto failed;
|
|
|
801d0a |
+ }
|
|
|
801d0a |
}
|
|
|
801d0a |
|
|
|
801d0a |
commonctx->max_id = dom->high_id;
|
|
|
801d0a |
--
|
|
|
801d0a |
2.22.0.rc1.257.g3120a18244-goog
|
|
|
801d0a |
|