contrib: smb2: backport null-deref fix

291c835c · Thomas Guillem · 2dbee7d1 · 291c835c · 291c835c · 291c835c
Commit 291c835c authored 5 years ago by Thomas Guillem
--- a/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
+++ b/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
-From 91e4b27ec265d2c08890fcee9043a15382d8a54f Mon Sep 17 00:00:00 2001
+From 1bf49f51d27e87230d826b6f482db312c693586f Mon Sep 17 00:00:00 2001
 From: Ronnie Sahlberg <ronniesahlberg@gmail.com>
 Date: Tue, 6 Aug 2019 13:30:51 +1000
-Subject: [PATCH 1/3] ntlmssp: add support for Anonymous logins
+Subject: [PATCH 1/4] ntlmssp: add support for Anonymous logins

 Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
 ---

--- a/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
+++ b/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
-From ea434501d1987ac309f7e9a4070be2f7af6ca01d Mon Sep 17 00:00:00 2001
+From 13800418c0c2a8c1b26bf1acb0810004fb874213 Mon Sep 17 00:00:00 2001
 From: Thomas Guillem <thomas@gllm.fr>
 Date: Tue, 30 Jul 2019 17:46:49 +0200
-Subject: [PATCH 2/3] Fix indent and white spaces
+Subject: [PATCH 2/4] Fix indent and white spaces

 No functional changes.
 ---

--- a/contrib/src/smb2/0003-Fix-getlogin-usage.patch
+++ b/contrib/src/smb2/0003-Fix-getlogin-usage.patch
-From dd506ff5c5d53c529380b637e809f740a49aece7 Mon Sep 17 00:00:00 2001
+From 4801820ba947ca895721ac0a198362409cd94d69 Mon Sep 17 00:00:00 2001
 From: Thomas Guillem <thomas@gllm.fr>
 Date: Tue, 30 Jul 2019 18:02:14 +0200
-Subject: [PATCH 3/3] Fix getlogin() usage
+Subject: [PATCH 3/4] Fix getlogin() usage

 Use the reentrant version (the getlogin() string was statically allocated and
 could be overwritten on subsequent calls).

--- a/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
+++ b/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
+From ada4e70f9aee53421aba23a9a4dbb947470d7c5d Mon Sep 17 00:00:00 2001
+From: Thomas Guillem <thomas@gllm.fr>
+Date: Thu, 8 Aug 2019 15:18:31 +0200
+Subject: [PATCH 4/4] smb2_destroy_context: fix possible null-deref
+
+This could happen when the smb2_close_async() command was aborted
+(smb2_service() not being called).
+---
+ lib/init.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/lib/init.c b/lib/init.c
+index 3c01774..0a279d0 100644
+--- a/lib/init.c
+++ b/lib/init.c
+@@ -245,14 +245,6 @@ void smb2_destroy_context(struct smb2_context *smb2)
+                 smb2->fd = -1;
+         }
+ 
+-        if (smb2->fhs) {
+-                smb2_free_all_fhs(smb2);
+-        }
+-
+-        if (smb2->dirs) {
+-                smb2_free_all_dirs(smb2);
+-        }
+-
+         while (smb2->outqueue) {
+                 struct smb2_pdu *pdu = smb2->outqueue;
+ 
+@@ -273,6 +265,14 @@ void smb2_destroy_context(struct smb2_context *smb2)
+                 smb2->pdu = NULL;
+         }
+ 
+        if (smb2->fhs) {
+                smb2_free_all_fhs(smb2);
+        }
+
+        if (smb2->dirs) {
+                smb2_free_all_dirs(smb2);
+        }
+
+         free(smb2->session_key);
+         smb2->session_key = NULL;
+ 
+-- 
+2.20.1
+
--- a/contrib/src/smb2/rules.mak
+++ b/contrib/src/smb2/rules.mak
@@ -21,6 +21,7 @@ smb2: libsmb2-$(SMB2_VERSION).tar.gz .sum-smb2
 	$(APPLY) $(SRC)/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
 	$(APPLY) $(SRC)/smb2/0002-Fix-indent-and-white-spaces.patch
 	$(APPLY) $(SRC)/smb2/0003-Fix-getlogin-usage.patch
+	$(APPLY) $(SRC)/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
 	$(MOVE)

 .smb2: smb2