From a3be00049bfa8bb7e66382f3770206e27c673be0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Fri, 22 Jan 2016 12:00:27 +0200
Subject: [PATCH] Fix bug #1300038 PANIC: Bad talloc magic value - wrong talloc version used/mixed
---
 ...-defaults-when-removing-global-param.patch | 65 +++++++++++++++++++
 samba.spec | 8 ++-
 2 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 samba-4.3-s3-parm-clean-up-defaults-when-removing-global-param.patch
diff --git a/samba-4.3-s3-parm-clean-up-defaults-when-removing-global-param.patch b/samba-4.3-s3-parm-clean-up-defaults-when-removing-global-param.patch
new file mode 100644
index 0000000..0ffea94
--- /dev/null
+++ b/samba-4.3-s3-parm-clean-up-defaults-when-removing-global-param.patch
@@ -0,0 +1,65 @@
+From d8a03eeab8ece3d9001b087fc658272174f92a25 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy
+Date: Fri, 22 Jan 2016 11:44:03 +0200
+Subject: [PATCH] s3-parm: clean up defaults when removing global parameters
+
+When globals are re-initialized, they are cleared and globals' talloc
+context is freed. However, parm_table still contains a reference to the
+global value in the defaults. This confuses lpcfg_string_free() after
+commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to
+free already freed pointer which is passed by lp_save_defaults():
+
+....
+ case P_STRING:
+ case P_USTRING:
+ lpcfg_string_set(Globals.ctx,
+ &parm_table[i].def.svalue,
+ *(char **)lp_parm_ptr(NULL, &parm_table[i]));
+....
+
+here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it
+is a pointer to a value allocated with previous Globals.ctx which
+already was freed.
+
+This specifically affects registry backend of smb.conf in lp_load_ex()
+where init_globals() called explicitly to re-init globals after
+lp_save_defaults() if we have registry backend defined.
+
+Signed-off-by: Alexander Bokovoy
+---
+ source3/param/loadparm.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index 9f4a2b4..f8ecab7 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -399,8 +399,25 @@ static void free_parameters_by_snum(int snum)
+ */
+ static void free_global_parameters(void)
+ {
++ uint32_t i;
++ struct parm_struct *parm;
++
+ free_param_opts(&Globals.param_opt);
+ free_parameters_by_snum(GLOBAL_SECTION_SNUM);
++
++ /* Reset references in the defaults because the context is going to be freed */
++ for (i=0; parm_table[i].label; i++) {
++ parm = &parm_table[i];
++ if ((parm->type == P_STRING) ||
++ (parm->type == P_USTRING)) {
++ if ((parm->def.svalue != NULL) &&
++ (*(parm->def.svalue) != '\0')) {
++ if (talloc_parent(parm->def.svalue) == Globals.ctx) {
++ parm->def.svalue = NULL;
++ }
++ }
++ }
++ }
+ TALLOC_FREE(Globals.ctx);
+ }
+
+--
+2.5.0
+
diff --git a/samba.spec b/samba.spec
index 9406a1a..b756055 100644
--- a/samba.spec
+++ b/samba.spec
@@ -6,7 +6,7 @@ # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering -%define main_release 0 +%define main_release 1 %define samba_version 4.3.4 %define talloc_version 2.1.3
@@ -107,6 +107,8 @@ Source6: samba.pamd Source200: README.dc Source201: README.downgrade +Patch1: samba-4.3-s3-parm-clean-up-defaults-when-removing-global-param.patch + BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires(pre): /usr/sbin/groupadd
@@ -670,6 +672,7 @@ and use CTDB instead. %prep %setup -q -n samba-%{version}%{pre_release} +%patch1 -p1 %build %global _talloc_lib ,talloc,pytalloc,pytalloc-util
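Review bot: The reset loop added to free_global_parameters() in the loadparm.c patch calls `talloc_parent(parm->def.svalue)` on every non-empty string default, so it relies on each such pointer being a live talloc allocation; a default pointing at anything else would presumably hit the same talloc magic-value abort this patch is meant to remove. Neither that invariant nor the reason for skipping empty strings with `*(parm->def.svalue) != '\0'` is written down in the hunk. A comment above the loop such as `/* def.svalue is NULL, an empty string, or talloc memory set by lp_save_defaults(); only the last may be passed to talloc_parent() */` would let the next reader check it. Only P_STRING and P_USTRING defaults are cleared, and whether any other pointer-valued default can be parented to Globals.ctx is not visible here, so that is worth confirming against lp_save_defaults().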
@@ -1978,6 +1981,9 @@ rm -rf %{buildroot} %endif # with_clustering_support %changelog +* Fri Jan 22 2016 Alexander Bokovoy - 4.3.4-1 +- resolves: #1300038 - PANIC: Bad talloc magic value - wrong talloc version used/mixed + * Tue Jan 12 2016 Guenther Deschner - 4.3.4-0 - resolves: #1261230 - Update to Samba 4.3.4