Mercurial > illumos > git > illumos-omnios
changeset 21434:a3098b60c2fc
11001 smbd segfaults while running smbtorture.rpc
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Approved by: Garrett D'Amore <garrett@damore.org>
author | Gordon Ross <gwr@nexenta.com> |
---|---|
date | Fri, 12 Aug 2016 17:30:03 -0400 |
parents | 416a814ef27e |
children | 7998dda27211 |
files | usr/src/lib/smbsrv/libmlsvc/common/lsalib.c usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c usr/src/lib/smbsrv/libmlsvc/common/winreg_svc.c |
diffstat | 3 files changed, 14 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/lib/smbsrv/libmlsvc/common/lsalib.c Sat Aug 13 12:31:38 2016 -0400 +++ b/usr/src/lib/smbsrv/libmlsvc/common/lsalib.c Fri Aug 12 17:30:03 2016 -0400 @@ -21,7 +21,7 @@ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2015 Nexenta Systems, Inc. All rights reserved. + * Copyright 2016 Nexenta Systems, Inc. All rights reserved. */ /* @@ -81,6 +81,9 @@ uint32_t status; char *slash; + if (account == NULL) + return (NT_STATUS_NONE_MAPPED); + (void) strsubst(account, '/', '\\'); (void) strcanon(account, "\\"); /* \john -> john */
--- a/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c Sat Aug 13 12:31:38 2016 -0400 +++ b/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c Fri Aug 12 17:30:03 2016 -0400 @@ -21,7 +21,7 @@ /* * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + * Copyright 2016 Nexenta Systems, Inc. All rights reserved. */ /* @@ -1002,11 +1002,11 @@ status = srvsvc_share_getsd(mxa, &si, &sd); if (status == ERROR_SUCCESS) { - info503->shi503_reserved = sd.sd_size; - info503->shi503_security_descriptor = sd.sd_buf; + info1501->shi1501_reserved = sd.sd_size; + info1501->shi1501_security_descriptor = sd.sd_buf; } else { - info503->shi503_reserved = 0; - info503->shi503_security_descriptor = NULL; + info1501->shi1501_reserved = 0; + info1501->shi1501_security_descriptor = NULL; } param->result.ru.info1501 = info1501; @@ -1622,8 +1622,8 @@ * On success, the return value is NERR_Success/ERROR_SUCCESS. * On failure, the return value can be one of the following errors: * - * ERROR_ACCESS_DENIED The user does not have access to the - * requested information. + * ERROR_ACCESS_DENIED The user does not have access to the + * requested information. * ERROR_INVALID_PARAMETER The specified parameter is invalid. * ERROR_NOT_ENOUGH_MEMORY Insufficient memory is available. * NERR_ClientNameNotFound A session does not exist with that
--- a/usr/src/lib/smbsrv/libmlsvc/common/winreg_svc.c Sat Aug 13 12:31:38 2016 -0400 +++ b/usr/src/lib/smbsrv/libmlsvc/common/winreg_svc.c Fri Aug 12 17:30:03 2016 -0400 @@ -21,6 +21,7 @@ /* * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2016 Nexenta Systems, Inc. All rights reserved. */ /* @@ -907,7 +908,8 @@ name = (char *)param->value_name.str; - if (strcasecmp(name, "PrimaryModule") == 0) { + if (name == NULL || + strcasecmp(name, "PrimaryModule") == 0) { param->status = ERROR_FILE_NOT_FOUND; return (NDR_DRC_OK); }