Commit 4997c888 authored by Thomas Guillem's avatar Thomas Guillem

libvlc: backport smb2 patches

This commit fixes a possible null-deref when stopping a smb2 session.
parent 828ffce2
From 8181eb1f5b872c51879f155318b6218f49b73171 Mon Sep 17 00:00:00 2001
Message-Id: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
From d5029395e74cc8be048da4ae9d808a82431c99aa Mon Sep 17 00:00:00 2001
Message-Id: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
From: Thomas Guillem <thomas@gllm.fr>
Date: Fri, 13 Apr 2018 16:15:16 +0200
Subject: [PATCH 1/6] access: add smb2 module
......@@ -15,20 +15,26 @@ allow to use Builtin NTLMSSP authentication instead of libkrb5.
---
configure.ac | 14 +-
...ssp-add-support-for-Anonymous-logins.patch | 219 ++++++
.../0002-Fix-indent-and-white-spaces.patch | 97 +++
.../src/smb2/0003-Fix-getlogin-usage.patch | 70 ++
...troy_context-fix-possible-null-deref.patch | 48 ++
contrib/src/smb2/SHA512SUMS | 1 +
contrib/src/smb2/rules.mak | 28 +
contrib/src/smb2/rules.mak | 31 +
modules/MODULES_LIST | 1 +
modules/access/Makefile.am | 11 +
modules/access/smb2.c | 712 ++++++++++++++++++
modules/access/smb2.c | 731 ++++++++++++++++++
po/POTFILES.in | 1 +
8 files changed, 986 insertions(+), 1 deletion(-)
11 files changed, 1223 insertions(+), 1 deletion(-)
create mode 100644 contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
create mode 100644 contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
create mode 100644 contrib/src/smb2/0003-Fix-getlogin-usage.patch
create mode 100644 contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
create mode 100644 contrib/src/smb2/SHA512SUMS
create mode 100644 contrib/src/smb2/rules.mak
create mode 100644 modules/access/smb2.c
diff --git a/configure.ac b/configure.ac
index 4909c43539..784f5518ad 100644
index 500fb17232..1d745affba 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1854,7 +1854,14 @@ AS_IF([test "${SYS}" = "mingw32" -a "${enable_winstore_app}" != "yes"], [ VLC_AD
......@@ -61,14 +67,14 @@ index 4909c43539..784f5518ad 100644
dnl
diff --git a/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch b/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
new file mode 100644
index 0000000000..433472086f
index 0000000000..3be16c99ff
--- /dev/null
+++ b/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
@@ -0,0 +1,219 @@
+From 91e4b27ec265d2c08890fcee9043a15382d8a54f Mon Sep 17 00:00:00 2001
+From 1bf49f51d27e87230d826b6f482db312c693586f Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg <ronniesahlberg@gmail.com>
+Date: Tue, 6 Aug 2019 13:30:51 +1000
+Subject: [PATCH] ntlmssp: add support for Anonymous logins
+Subject: [PATCH 1/4] ntlmssp: add support for Anonymous logins
+
+Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
+---
......@@ -284,6 +290,239 @@ index 0000000000..433472086f
+--
+2.20.1
+
diff --git a/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch b/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
new file mode 100644
index 0000000000..66a97508c7
--- /dev/null
+++ b/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
@@ -0,0 +1,97 @@
+From 13800418c0c2a8c1b26bf1acb0810004fb874213 Mon Sep 17 00:00:00 2001
+From: Thomas Guillem <thomas@gllm.fr>
+Date: Tue, 30 Jul 2019 17:46:49 +0200
+Subject: [PATCH 2/4] Fix indent and white spaces
+
+No functional changes.
+---
+ lib/init.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/lib/init.c b/lib/init.c
+index e6cf1e5..eab69a5 100644
+--- a/lib/init.c
++++ b/lib/init.c
+@@ -69,12 +69,12 @@ smb2_parse_args(struct smb2_context *smb2, const char *args)
+ while (args && *args != 0) {
+ char *next, *value;
+
+- next = strchr(args, '&');
++ next = strchr(args, '&');
+ if (next) {
+ *(next++) = '\0';
+ }
+
+- value = strchr(args, '=');
++ value = strchr(args, '=');
+ if (value) {
+ *(value++) = '\0';
+ }
+@@ -135,7 +135,7 @@ struct smb2_url *smb2_parse_url(struct smb2_context *smb2, const char *url)
+ smb2_set_error(smb2, "URL is too long");
+ return NULL;
+ }
+- strncpy(str, url + 6, MAX_URL_SIZE);
++ strncpy(str, url + 6, MAX_URL_SIZE);
+
+ args = strchr(str, '?');
+ if (args) {
+@@ -165,7 +165,7 @@ struct smb2_url *smb2_parse_url(struct smb2_context *smb2, const char *url)
+ *(tmp++) = '\0';
+ u->user = strdup(ptr);
+ ptr = tmp;
+- }
++ }
+ /* server */
+ if ((tmp = strchr(ptr, '/')) != NULL) {
+ *(tmp++) = '\0';
+@@ -287,7 +287,7 @@ void smb2_destroy_context(struct smb2_context *smb2)
+ void smb2_free_iovector(struct smb2_context *smb2, struct smb2_io_vectors *v)
+ {
+ int i;
+-
++
+ for (i = 0; i < v->niov; i++) {
+ if (v->iov[i].free) {
+ v->iov[i].free(v->iov[i].buf);
+@@ -316,25 +316,25 @@ struct smb2_iovec *smb2_add_iovector(struct smb2_context *smb2,
+
+ void smb2_set_error(struct smb2_context *smb2, const char *error_string, ...)
+ {
+- va_list ap;
+- char errstr[MAX_ERROR_SIZE] = {0};
++ va_list ap;
++ char errstr[MAX_ERROR_SIZE] = {0};
+
+- va_start(ap, error_string);
+- if (vsnprintf(errstr, MAX_ERROR_SIZE, error_string, ap) < 0) {
+- strncpy(errstr, "could not format error string!",
++ va_start(ap, error_string);
++ if (vsnprintf(errstr, MAX_ERROR_SIZE, error_string, ap) < 0) {
++ strncpy(errstr, "could not format error string!",
+ MAX_ERROR_SIZE);
+- }
+- va_end(ap);
+- if (smb2 != NULL) {
+- strncpy(smb2->error_string, errstr, MAX_ERROR_SIZE);
+- }
++ }
++ va_end(ap);
++ if (smb2 != NULL) {
++ strncpy(smb2->error_string, errstr, MAX_ERROR_SIZE);
++ }
+ }
+
+ const char *smb2_get_error(struct smb2_context *smb2)
+ {
+- return smb2 ? smb2->error_string : "";
++ return smb2 ? smb2->error_string : "";
+ }
+-
++
+ const char *smb2_get_client_guid(struct smb2_context *smb2)
+ {
+ return smb2->client_guid;
+--
+2.20.1
+
diff --git a/contrib/src/smb2/0003-Fix-getlogin-usage.patch b/contrib/src/smb2/0003-Fix-getlogin-usage.patch
new file mode 100644
index 0000000000..91776d9f5f
--- /dev/null
+++ b/contrib/src/smb2/0003-Fix-getlogin-usage.patch
@@ -0,0 +1,70 @@
+From 434a880dc7f304eafb2377e26d47d93187109b14 Mon Sep 17 00:00:00 2001
+From: Thomas Guillem <thomas@gllm.fr>
+Date: Tue, 30 Jul 2019 18:02:14 +0200
+Subject: [PATCH 3/4] Fix getlogin() usage
+
+Use the reentrant version (the getlogin() string was statically allocated and
+could be overwritten on subsequent calls).
+
+Also check for error and use "Guest" as a fallback.
+---
+ lib/init.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/lib/init.c b/lib/init.c
+index eab69a5..4387cd0 100644
+--- a/lib/init.c
++++ b/lib/init.c
+@@ -52,17 +52,27 @@
+ #define MAX_URL_SIZE 256
+
+ #ifdef _MSC_VER
+-#define getlogin() "Guest"
++#include <errno.h>
++#define getlogin_r(a,b) ENXIO
+ #define random rand
+ #define getpid GetCurrentProcessId
+ #endif // _MSC_VER
+
+ #ifdef ESP_PLATFORM
++#include <errno.h>
+ #include <esp_system.h>
+ #define random esp_random
+-#define getlogin() "Guest"
++#define getlogin_r(a,b) ENXIO
+ #endif
+
++#ifdef __ANDROID__
++#include <errno.h>
++// getlogin_r() was added in API 28
++#if __ANDROID_API__ < 28
++#define getlogin_r(a,b) ENXIO
++#endif
++#endif // __ANDROID__
++
+ static int
+ smb2_parse_args(struct smb2_context *smb2, const char *args)
+ {
+@@ -206,7 +216,8 @@ void smb2_destroy_url(struct smb2_url *url)
+ struct smb2_context *smb2_init_context(void)
+ {
+ struct smb2_context *smb2;
+- int i;
++ char buf[1024];
++ int i, ret;
+
+ smb2 = malloc(sizeof(struct smb2_context));
+ if (smb2 == NULL) {
+@@ -214,7 +225,8 @@ struct smb2_context *smb2_init_context(void)
+ }
+ memset(smb2, 0, sizeof(struct smb2_context));
+
+- smb2_set_user(smb2, getlogin());
++ ret = getlogin_r(buf, sizeof(buf));
++ smb2_set_user(smb2, ret == 0 ? buf : "Guest");
+ smb2->fd = -1;
+ smb2->sec = SMB2_SEC_UNDEFINED;
+ smb2->version = SMB2_VERSION_ANY;
+--
+2.20.1
+
diff --git a/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch b/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
new file mode 100644
index 0000000000..ec8f9331b3
--- /dev/null
+++ b/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
@@ -0,0 +1,48 @@
+From 6e2126a854292621548948a3d30e6023943d7c99 Mon Sep 17 00:00:00 2001
+From: Thomas Guillem <thomas@gllm.fr>
+Date: Thu, 8 Aug 2019 15:18:31 +0200
+Subject: [PATCH 4/4] smb2_destroy_context: fix possible null-deref
+
+This could happen when the smb2_close_async() command was aborted
+(smb2_service() not being called).
+---
+ lib/init.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/lib/init.c b/lib/init.c
+index 4387cd0..03903fb 100644
+--- a/lib/init.c
++++ b/lib/init.c
+@@ -255,14 +255,6 @@ void smb2_destroy_context(struct smb2_context *smb2)
+ smb2->fd = -1;
+ }
+
+- if (smb2->fhs) {
+- smb2_free_all_fhs(smb2);
+- }
+-
+- if (smb2->dirs) {
+- smb2_free_all_dirs(smb2);
+- }
+-
+ while (smb2->outqueue) {
+ struct smb2_pdu *pdu = smb2->outqueue;
+
+@@ -283,6 +275,14 @@ void smb2_destroy_context(struct smb2_context *smb2)
+ smb2->pdu = NULL;
+ }
+
++ if (smb2->fhs) {
++ smb2_free_all_fhs(smb2);
++ }
++
++ if (smb2->dirs) {
++ smb2_free_all_dirs(smb2);
++ }
++
+ free(smb2->session_key);
+ smb2->session_key = NULL;
+
+--
+2.20.1
+
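Review bot: The re-added `smb2_free_all_fhs()` / `smb2_free_all_dirs()` block in smb2_destroy_context carries no comment saying why it must run after the outqueue and pending-PDU cleanup, so the ordering that fixes the null dereference is easy to undo in a later tidy-up. A short comment above the block would record it, e.g. `/* Free fhs/dirs only after the PDU queues are drained: an aborted smb2_close_async() may still be queued */`. The queue-draining loops are only partly visible in this hunk, so the exact dependency should be confirmed against the full function before wording the comment.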
diff --git a/contrib/src/smb2/SHA512SUMS b/contrib/src/smb2/SHA512SUMS
new file mode 100644
index 0000000000..668b39e377
......@@ -293,10 +532,10 @@ index 0000000000..668b39e377
+08f421182a08f54d7a50afbfd83609093c1a62b24f7abe2a56ec833a36570916b20c8f046fcdb5ba8c8ed0311a19e8338b75839cd7cf752fc5b33a1367cf839f libsmb2-3.0.0.tar.gz
diff --git a/contrib/src/smb2/rules.mak b/contrib/src/smb2/rules.mak
new file mode 100644
index 0000000000..52dfdcb15a
index 0000000000..1cee854204
--- /dev/null
+++ b/contrib/src/smb2/rules.mak
@@ -0,0 +1,28 @@
@@ -0,0 +1,31 @@
+# SMB2
+SMB2_VERSION := 3.0.0
+SMB2_URL := https://github.com/sahlberg/libsmb2/archive/v$(SMB2_VERSION).tar.gz
......@@ -318,6 +557,9 @@ index 0000000000..52dfdcb15a
+smb2: libsmb2-$(SMB2_VERSION).tar.gz .sum-smb2
+ $(UNPACK)
+ $(APPLY) $(SRC)/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
+ $(APPLY) $(SRC)/smb2/0002-Fix-indent-and-white-spaces.patch
+ $(APPLY) $(SRC)/smb2/0003-Fix-getlogin-usage.patch
+ $(APPLY) $(SRC)/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
+ $(MOVE)
+
+.smb2: smb2
......@@ -361,10 +603,10 @@ index 765ceec45f..2a773029e3 100644
access_LTLIBRARIES += libtcp_plugin.la
diff --git a/modules/access/smb2.c b/modules/access/smb2.c
new file mode 100644
index 0000000000..05cc8594eb
index 0000000000..2c8a4a1b43
--- /dev/null
+++ b/modules/access/smb2.c
@@ -0,0 +1,712 @@
@@ -0,0 +1,731 @@
+/*****************************************************************************
+ * smb2.c: SMB2 access plug-in
+ *****************************************************************************
......@@ -502,17 +744,20 @@ index 0000000000..05cc8594eb
+static int
+vlc_smb2_mainloop(stream_t *access, bool teardown)
+{
+#define TEARDOWN_TIMEOUT 250 /* in ms */
+ struct access_sys *sys = access->p_sys;
+
+ int timeout = -1;
+ int (*poll_func)(struct pollfd *, unsigned, int) = vlc_poll_i11e;
+
+ if (teardown && vlc_killed())
+ if (teardown)
+ {
+ /* The thread is interrupted, so vlc_poll_i11e will return immediatly.
+ * Use poll() with a timeout instead for tear down. */
+ timeout = 500;
+ /* Don't use vlc_poll_i11e that will return immediately with the EINTR
+ * errno if VLC's input is interrupted. Use the posix poll with a
+ * timeout to let a chance for a clean teardown. */
+ timeout = TEARDOWN_TIMEOUT;
+ poll_func = (void *)poll;
+ sys->error_status = 0;
+ }
+
+ sys->res_done = false;
......@@ -526,11 +771,27 @@ index 0000000000..05cc8594eb
+ if (p_fds[0].fd == -1 || (ret = poll_func(p_fds, 1, timeout)) < 0)
+ {
+ if (errno == EINTR)
+ {
+ msg_Warn(access, "vlc_poll_i11e interrupted");
+ if (poll_func != (void *) poll)
+ {
+ /* Try again with a timeout to let the command complete.
+ * Indeed, if this command is interrupted, every future
+ * commands will fail and we won't be able to teardown. */
+ timeout = TEARDOWN_TIMEOUT;
+ poll_func = (void *) poll;
+ }
+ else
+ sys->error_status = -errno;
+ }
+ else
+ {
+ msg_Err(access, "vlc_poll_i11e failed");
+ sys->error_status = -errno;
+ sys->error_status = -errno;
+ }
+ }
+ else if (ret == 0)
+ sys->error_status = -ETIMEDOUT;
+ else if (ret > 0 && p_fds[0].revents
+ && smb2_service(sys->smb2, p_fds[0].revents) < 0)
+ VLC_SMB2_SET_GENERIC_ERROR(access, "smb2_service");
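Review bot: In the poll error branch of vlc_smb2_mainloop, `errno` is tested and stored without having been set by this call when `p_fds[0].fd == -1` short-circuits `poll_func`, and in the other cases it is read only after `msg_Warn`/`msg_Err`, which may overwrite it. A stale EINTR would take the retry path, and a stale 0 would leave `sys->error_status` at 0 so the failure goes unrecorded. I would handle the invalid descriptor on its own with a fixed error code and snapshot the value before logging, e.g. `const int err = errno;` directly after the failed call and then `sys->error_status = -err;`. The log strings also name vlc_poll_i11e when the plain poll() fallback is the function that failed. The enclosing loop starts outside the visible hunk, so how a zero error_status affects termination should be checked there.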
......
From f94921c24481e1e11fd26712e458ad0fa20b2635 Mon Sep 17 00:00:00 2001
Message-Id: <f94921c24481e1e11fd26712e458ad0fa20b2635.1565088614.git.thomas@gllm.fr>
In-Reply-To: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
References: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
From 7bf6561a375ce8c8a362c1004e8e239c8be01d41 Mon Sep 17 00:00:00 2001
Message-Id: <7bf6561a375ce8c8a362c1004e8e239c8be01d41.1565597364.git.thomas@gllm.fr>
In-Reply-To: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
References: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
From: =?UTF-8?q?Hugo=20Beauz=C3=A9e-Luyssen?= <hugo@beauzee.fr>
Date: Thu, 28 Mar 2019 15:23:48 +0100
Subject: [PATCH 2/6] compat: Workaround sendmsg bug on android
......@@ -49,7 +49,7 @@ index 0f42e782f8..8d69048746 100644
#else
#error sendmsg not implemented on your platform!
diff --git a/configure.ac b/configure.ac
index 784f5518ad..ea4c6d43f7 100644
index 1d745affba..21f6c8fa9d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -365,6 +365,9 @@ AS_IF([test "$SYS" = linux],[
......
From 8188b040afaef381a473bc764dc97cba26991069 Mon Sep 17 00:00:00 2001
Message-Id: <8188b040afaef381a473bc764dc97cba26991069.1565088614.git.thomas@gllm.fr>
In-Reply-To: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
References: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
From 3f7921570d85446cb27aa9d34703be7224013653 Mon Sep 17 00:00:00 2001
Message-Id: <3f7921570d85446cb27aa9d34703be7224013653.1565597364.git.thomas@gllm.fr>
In-Reply-To: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
References: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
From: Soomin Lee <bubu@mikan.io>
Date: Thu, 27 Sep 2018 18:40:39 +0200
Subject: [PATCH 3/6] libvlc: events: Add callbacks for record
......
From c63130ac155443677fccddf143cc2c7fc4158e4d Mon Sep 17 00:00:00 2001
Message-Id: <c63130ac155443677fccddf143cc2c7fc4158e4d.1565088614.git.thomas@gllm.fr>
In-Reply-To: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
References: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
From 5ddcb565fb066e9437a53d1e3577ee889fe4634f Mon Sep 17 00:00:00 2001
Message-Id: <5ddcb565fb066e9437a53d1e3577ee889fe4634f.1565597364.git.thomas@gllm.fr>
In-Reply-To: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
References: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
From: =?UTF-8?q?Hugo=20Beauz=C3=A9e-Luyssen?= <hugo@beauzee.fr>
Date: Fri, 29 Mar 2019 10:56:26 +0100
Subject: [PATCH 4/6] network: tls: Handle errors from older kernels
......
From dfb83a71d0ac1a5094afa320df647481afc5a78f Mon Sep 17 00:00:00 2001
Message-Id: <dfb83a71d0ac1a5094afa320df647481afc5a78f.1565088614.git.thomas@gllm.fr>
In-Reply-To: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
References: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
From 04227a406102585959981cd6e11bc347e07fedfa Mon Sep 17 00:00:00 2001
Message-Id: <04227a406102585959981cd6e11bc347e07fedfa.1565597364.git.thomas@gllm.fr>
In-Reply-To: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
References: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
From: Soomin Lee <bubu@mikan.io>
Date: Mon, 1 Oct 2018 15:37:57 +0200
Subject: [PATCH 5/6] access_output: file: Add error dialog for write/open
......
From c1f72f15b9577944850c9ba80b636275c0517bcd Mon Sep 17 00:00:00 2001
Message-Id: <c1f72f15b9577944850c9ba80b636275c0517bcd.1565088614.git.thomas@gllm.fr>
In-Reply-To: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
References: <8181eb1f5b872c51879f155318b6218f49b73171.1565088614.git.thomas@gllm.fr>
From 7bcfa93cebe9d34cad19b9eb2f4a416e9f11d931 Mon Sep 17 00:00:00 2001
Message-Id: <7bcfa93cebe9d34cad19b9eb2f4a416e9f11d931.1565597364.git.thomas@gllm.fr>
In-Reply-To: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
References: <d5029395e74cc8be048da4ae9d808a82431c99aa.1565597364.git.thomas@gllm.fr>
From: Soomin Lee <bubu@mikan.io>
Date: Wed, 31 Oct 2018 10:08:55 +0100
Subject: [PATCH 6/6] libvlc: media_player: Add record method
......