|
|
1cae83 |
From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001
|
|
|
1cae83 |
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
|
|
|
1cae83 |
Date: Thu, 4 Nov 2021 22:22:44 +0100
|
|
|
1cae83 |
Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free)
|
|
|
1cae83 |
MIME-Version: 1.0
|
|
|
1cae83 |
Content-Type: text/plain; charset=UTF-8
|
|
|
1cae83 |
Content-Transfer-Encoding: 8bit
|
|
|
1cae83 |
|
|
|
1cae83 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
|
|
|
1cae83 |
|
|
|
1cae83 |
Guenther
|
|
|
1cae83 |
|
|
|
1cae83 |
Signed-off-by: Guenther Deschner <gd@samba.org>
|
|
|
1cae83 |
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
1cae83 |
|
|
|
1cae83 |
Autobuild-User(master): Günther Deschner <gd@samba.org>
|
|
|
1cae83 |
Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
|
|
|
1cae83 |
|
|
|
1cae83 |
(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218)
|
|
|
1cae83 |
---
|
|
|
1cae83 |
examples/winexe/winexe.c | 16 ++++++++++++----
|
|
|
1cae83 |
1 file changed, 12 insertions(+), 4 deletions(-)
|
|
|
1cae83 |
|
|
|
1cae83 |
diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
|
|
|
1cae83 |
index 3e0813a4091..59fb9dbdebb 100644
|
|
|
1cae83 |
--- a/examples/winexe/winexe.c
|
|
|
1cae83 |
+++ b/examples/winexe/winexe.c
|
|
|
1cae83 |
@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[],
|
|
|
1cae83 |
*port_str = '\0';
|
|
|
1cae83 |
}
|
|
|
1cae83 |
|
|
|
1cae83 |
- poptFreeContext(pc);
|
|
|
1cae83 |
-
|
|
|
1cae83 |
if (options->runas == NULL && options->runas_file != NULL) {
|
|
|
1cae83 |
struct cli_credentials *runas_cred;
|
|
|
1cae83 |
const char *user;
|
|
|
1cae83 |
@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[],
|
|
|
1cae83 |
|
|
|
1cae83 |
options->credentials = samba_cmdline_get_creds();
|
|
|
1cae83 |
|
|
|
1cae83 |
- options->hostname = argv_new[0] + 2;
|
|
|
1cae83 |
+ options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2);
|
|
|
1cae83 |
+ if (options->hostname == NULL) {
|
|
|
1cae83 |
+ DBG_ERR("Out of memory\n");
|
|
|
1cae83 |
+ exit(1);
|
|
|
1cae83 |
+ }
|
|
|
1cae83 |
options->port = port;
|
|
|
1cae83 |
- options->cmd = argv_new[1];
|
|
|
1cae83 |
+ options->cmd = talloc_strdup(mem_ctx, argv_new[1]);
|
|
|
1cae83 |
+ if (options->cmd == NULL) {
|
|
|
1cae83 |
+ DBG_ERR("Out of memory\n");
|
|
|
1cae83 |
+ exit(1);
|
|
|
1cae83 |
+ }
|
|
|
1cae83 |
+
|
|
|
1cae83 |
+ poptFreeContext(pc);
|
|
|
1cae83 |
|
|
|
1cae83 |
options->flags = flag_interactive;
|
|
|
1cae83 |
if (flag_reinstall) {
|
|
|
1cae83 |
--
|
|
|
1cae83 |
2.33.1
|
|
|
1cae83 |
|