[vlc-commits] contrib: smb2: backport null-deref fix

Thomas Guillem git at videolan.org
Mon Aug 12 09:11:33 CEST 2019


vlc | branch: master | Thomas Guillem <thomas at gllm.fr> | Mon Aug 12 09:03:37 2019 +0200| [291c835c63d6dd5dcc453a2dc678af046bce56f5] | committer: Thomas Guillem

contrib: smb2: backport null-deref fix

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=291c835c63d6dd5dcc453a2dc678af046bce56f5
---

 ...-ntlmssp-add-support-for-Anonymous-logins.patch |  4 +-
 .../smb2/0002-Fix-indent-and-white-spaces.patch    |  4 +-
 contrib/src/smb2/0003-Fix-getlogin-usage.patch     |  4 +-
 ...2_destroy_context-fix-possible-null-deref.patch | 48 ++++++++++++++++++++++
 contrib/src/smb2/rules.mak                         |  1 +
 5 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch b/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
index 11584ed6ac..3be16c99ff 100644
--- a/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
+++ b/contrib/src/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
@@ -1,7 +1,7 @@
-From 91e4b27ec265d2c08890fcee9043a15382d8a54f Mon Sep 17 00:00:00 2001
+From 1bf49f51d27e87230d826b6f482db312c693586f Mon Sep 17 00:00:00 2001
 From: Ronnie Sahlberg <ronniesahlberg at gmail.com>
 Date: Tue, 6 Aug 2019 13:30:51 +1000
-Subject: [PATCH 1/3] ntlmssp: add support for Anonymous logins
+Subject: [PATCH 1/4] ntlmssp: add support for Anonymous logins
 
 Signed-off-by: Ronnie Sahlberg <ronniesahlberg at gmail.com>
 ---
diff --git a/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch b/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
index bf3c7e33fa..66a97508c7 100644
--- a/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
+++ b/contrib/src/smb2/0002-Fix-indent-and-white-spaces.patch
@@ -1,7 +1,7 @@
-From ea434501d1987ac309f7e9a4070be2f7af6ca01d Mon Sep 17 00:00:00 2001
+From 13800418c0c2a8c1b26bf1acb0810004fb874213 Mon Sep 17 00:00:00 2001
 From: Thomas Guillem <thomas at gllm.fr>
 Date: Tue, 30 Jul 2019 17:46:49 +0200
-Subject: [PATCH 2/3] Fix indent and white spaces
+Subject: [PATCH 2/4] Fix indent and white spaces
 
 No functional changes.
 ---
diff --git a/contrib/src/smb2/0003-Fix-getlogin-usage.patch b/contrib/src/smb2/0003-Fix-getlogin-usage.patch
index 00f3c13f14..e639596a7b 100644
--- a/contrib/src/smb2/0003-Fix-getlogin-usage.patch
+++ b/contrib/src/smb2/0003-Fix-getlogin-usage.patch
@@ -1,7 +1,7 @@
-From dd506ff5c5d53c529380b637e809f740a49aece7 Mon Sep 17 00:00:00 2001
+From 4801820ba947ca895721ac0a198362409cd94d69 Mon Sep 17 00:00:00 2001
 From: Thomas Guillem <thomas at gllm.fr>
 Date: Tue, 30 Jul 2019 18:02:14 +0200
-Subject: [PATCH 3/3] Fix getlogin() usage
+Subject: [PATCH 3/4] Fix getlogin() usage
 
 Use the reentrant version (the getlogin() string was statically allocated and
 could be overwritten on subsequent calls).
diff --git a/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch b/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
new file mode 100644
index 0000000000..f5327b64cb
--- /dev/null
+++ b/contrib/src/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
@@ -0,0 +1,48 @@
+From ada4e70f9aee53421aba23a9a4dbb947470d7c5d Mon Sep 17 00:00:00 2001
+From: Thomas Guillem <thomas at gllm.fr>
+Date: Thu, 8 Aug 2019 15:18:31 +0200
+Subject: [PATCH 4/4] smb2_destroy_context: fix possible null-deref
+
+This could happen when the smb2_close_async() command was aborted
+(smb2_service() not being called).
+---
+ lib/init.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/lib/init.c b/lib/init.c
+index 3c01774..0a279d0 100644
+--- a/lib/init.c
++++ b/lib/init.c
+@@ -245,14 +245,6 @@ void smb2_destroy_context(struct smb2_context *smb2)
+                 smb2->fd = -1;
+         }
+ 
+-        if (smb2->fhs) {
+-                smb2_free_all_fhs(smb2);
+-        }
+-
+-        if (smb2->dirs) {
+-                smb2_free_all_dirs(smb2);
+-        }
+-
+         while (smb2->outqueue) {
+                 struct smb2_pdu *pdu = smb2->outqueue;
+ 
+@@ -273,6 +265,14 @@ void smb2_destroy_context(struct smb2_context *smb2)
+                 smb2->pdu = NULL;
+         }
+ 
++        if (smb2->fhs) {
++                smb2_free_all_fhs(smb2);
++        }
++
++        if (smb2->dirs) {
++                smb2_free_all_dirs(smb2);
++        }
++
+         free(smb2->session_key);
+         smb2->session_key = NULL;
+ 
+-- 
+2.20.1
+
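Review bot: The ordering this backported patch sets up in smb2_destroy_context() is not recorded in the code: after the move, the `smb2->fhs` and `smb2->dirs` frees sit below the PDU-queue teardown with nothing saying they must stay there. Going by the patch description, PDUs left queued by an aborted smb2_close_async() presumably still reference file-handle state when they are torn down, so a later clean-up that moves the frees back above the loops would silently reintroduce the null dereference. A comment directly above the moved block would pin the constraint, for example `/* Free fhs/dirs only after the PDU queues are drained: queued PDUs may still reference them. */`. Only the first lines of the outqueue loop and the tail of the pdu clean-up are visible in the embedded hunks, so the exact dependency is inferred rather than shown.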
diff --git a/contrib/src/smb2/rules.mak b/contrib/src/smb2/rules.mak
index 5d6132ee05..1cee854204 100644
--- a/contrib/src/smb2/rules.mak
+++ b/contrib/src/smb2/rules.mak
@@ -21,6 +21,7 @@ smb2: libsmb2-$(SMB2_VERSION).tar.gz .sum-smb2
 	$(APPLY) $(SRC)/smb2/0001-ntlmssp-add-support-for-Anonymous-logins.patch
 	$(APPLY) $(SRC)/smb2/0002-Fix-indent-and-white-spaces.patch
 	$(APPLY) $(SRC)/smb2/0003-Fix-getlogin-usage.patch
+	$(APPLY) $(SRC)/smb2/0004-smb2_destroy_context-fix-possible-null-deref.patch
 	$(MOVE)
 
 .smb2: smb2


