Fix winexe core dump

resolves: #2020376 Guenther
2021-11-05 15:00:31 +01:00 · 2021-11-05 15:00:31 +01:00 · 3c2c163325
parent 331ea7c567
commit 3c2c163325
2 changed files with 67 additions and 1 deletions
--- a/samba-4.15.1-winexe.patch
+++ b/samba-4.15.1-winexe.patch
@ -0,0 +1,61 @@
+From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 4 Nov 2021 22:22:44 +0100
+Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
+
+Guenther
+
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Fri Nov  5 11:43:57 UTC 2021 on sn-devel-184
+
+(cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218)
+---
+ examples/winexe/winexe.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
+index 3e0813a4091..59fb9dbdebb 100644
+--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
+@@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[],
+ 		*port_str = '\0';
+ 	}
+ 
+-	poptFreeContext(pc);
+-
+ 	if (options->runas == NULL && options->runas_file != NULL) {
+ 		struct cli_credentials *runas_cred;
+ 		const char *user;
+@@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[],
+ 
+ 	options->credentials = samba_cmdline_get_creds();
+ 
+-	options->hostname = argv_new[0] + 2;
+	options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2);
+	if (options->hostname == NULL) {
+		DBG_ERR("Out of memory\n");
+		exit(1);
+	}
+ 	options->port = port;
+-	options->cmd = argv_new[1];
+	options->cmd = talloc_strdup(mem_ctx, argv_new[1]);
+	if (options->cmd == NULL) {
+		DBG_ERR("Out of memory\n");
+		exit(1);
+	}
+
+	poptFreeContext(pc);
+ 
+ 	options->flags = flag_interactive;
+ 	if (flag_reinstall) {
+-- 
+2.33.1
+
--- a/samba.spec
+++ b/samba.spec
@ -129,7 +129,7 @@

 %define samba_requires_eq()  %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")

-%global baserelease 0
+%global baserelease 1

 %global samba_version 4.15.1
 %global talloc_version 2.3.3
@ -200,6 +200,7 @@ Source201:      README.downgrade

 Patch0:         samba-s4u.patch
 Patch1:         samba-ctdb-etcd-reclock.patch
+Patch2:         samba-4.15.1-winexe.patch

 Requires(pre): /usr/sbin/groupadd
 Requires(post): systemd
@ -4079,6 +4080,10 @@ fi
 %endif

 %changelog
+* Fri Nov 05 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.1-1
+- Fix winexe core dump
+- resolves: #2020376
+
 * Wed Oct 27 2021 Guenther Deschner <gdeschner@redhat.com> - 4.15.1-0
 - Update to Samba 4.15.1
 - resolves: #2017847