Mercurial > illumos > git > illumos-omnios

changeset 21434:a3098b60c2fc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
11001 smbd segfaults while running smbtorture.rpc Reviewed by: Evan Layton <evan.layton@nexenta.com> Reviewed by: Matt Barden <matt.barden@nexenta.com> Approved by: Garrett D'Amore <garrett@damore.org>
author Gordon Ross <gwr@nexenta.com>
date Fri, 12 Aug 2016 17:30:03 -0400
parents 416a814ef27e
children 7998dda27211
files usr/src/lib/smbsrv/libmlsvc/common/lsalib.c usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c usr/src/lib/smbsrv/libmlsvc/common/winreg_svc.c
diffstat 3 files changed, 14 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/lib/smbsrv/libmlsvc/common/lsalib.c	Sat Aug 13 12:31:38 2016 -0400
+++ b/usr/src/lib/smbsrv/libmlsvc/common/lsalib.c	Fri Aug 12 17:30:03 2016 -0400
@@ -21,7 +21,7 @@
 
 /*
  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
@@ -81,6 +81,9 @@
 	uint32_t status;
 	char *slash;
 
+	if (account == NULL)
+		return (NT_STATUS_NONE_MAPPED);
+
 	(void) strsubst(account, '/', '\\');
 	(void) strcanon(account, "\\");
 	/* \john -> john */
--- a/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c	Sat Aug 13 12:31:38 2016 -0400
+++ b/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c	Fri Aug 12 17:30:03 2016 -0400
@@ -21,7 +21,7 @@
 
 /*
  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2013 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
@@ -1002,11 +1002,11 @@
 
 		status = srvsvc_share_getsd(mxa, &si, &sd);
 		if (status == ERROR_SUCCESS) {
-			info503->shi503_reserved = sd.sd_size;
-			info503->shi503_security_descriptor = sd.sd_buf;
+			info1501->shi1501_reserved = sd.sd_size;
+			info1501->shi1501_security_descriptor = sd.sd_buf;
 		} else {
-			info503->shi503_reserved = 0;
-			info503->shi503_security_descriptor = NULL;
+			info1501->shi1501_reserved = 0;
+			info1501->shi1501_security_descriptor = NULL;
 		}
 
 		param->result.ru.info1501 = info1501;
@@ -1622,8 +1622,8 @@
  * On success, the return value is NERR_Success/ERROR_SUCCESS.
  * On failure, the return value can be one of the following errors:
  *
- * ERROR_ACCESS_DENIED 		The user does not have access to the
- * 				requested information.
+ * ERROR_ACCESS_DENIED		The user does not have access to the
+ *				requested information.
  * ERROR_INVALID_PARAMETER	The specified parameter is invalid.
  * ERROR_NOT_ENOUGH_MEMORY	Insufficient memory is available.
  * NERR_ClientNameNotFound	A session does not exist with that
--- a/usr/src/lib/smbsrv/libmlsvc/common/winreg_svc.c	Sat Aug 13 12:31:38 2016 -0400
+++ b/usr/src/lib/smbsrv/libmlsvc/common/winreg_svc.c	Fri Aug 12 17:30:03 2016 -0400
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
@@ -907,7 +908,8 @@
 
 	name = (char *)param->value_name.str;
 
-	if (strcasecmp(name, "PrimaryModule") == 0) {
+	if (name == NULL ||
+	    strcasecmp(name, "PrimaryModule") == 0) {
 		param->status = ERROR_FILE_NOT_FOUND;
 		return (NDR_DRC_OK);
 	}