samba.git/source3/lib/tldap.c, branch talloc-2.3.4 Unnamed repository; edit this file 'description' to name the repository. lib: Align integer types 2020-12-04T21:08:38+00:00 Volker Lendecke vl@samba.org 2020-11-30T12:39:15+00:00 441fdc1280bc2158a3bc7cf9c9896cf93b7c8be3 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
tldap: Receiving "msgid == 0" means the connection is dead 2020-08-21T20:37:24+00:00 Volker Lendecke vl@samba.org 2020-08-11T16:09:14+00:00 ccaf661f7c75717341140e3fbfb2a48f96ea952c We never use msgid=0, see tldap_next_msgid(). RFC4511 section 4.4.1 says that the unsolicited disconnect response uses msgid 0. We don't parse this message, which supposedly is an extended response: Windows up to 2019 sends an extended response in an ASN.1 encoding that does not match RFC4511. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Aug 21 20:37:25 UTC 2020 on sn-devel-184 
We never use msgid=0, see tldap_next_msgid(). RFC4511 section 4.4.1
says that the unsolicited disconnect response uses msgid 0. We don't
parse this message, which supposedly is an extended response: Windows
up to 2019 sends an extended response in an ASN.1 encoding that does
not match RFC4511.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 21 20:37:25 UTC 2020 on sn-devel-184
tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug() 2020-08-21T19:14:33+00:00 Volker Lendecke vl@samba.org 2020-08-12T11:26:18+00:00 a2b281bed022c04427ef478529462ff84fe42908 Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
tldap: Make sure all requests are cancelled on rundown 2020-08-21T19:14:33+00:00 Volker Lendecke vl@samba.org 2020-08-11T15:44:42+00:00 2a2a6b27cccb2409d321c7e03feb8baa047d1bf4 Put messages into the ld->pending array before sending them out, not after they have been sent. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Put messages into the ld->pending array before sending them out, not
after they have been sent.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
tldap: Centralize connection rundown on error 2020-08-21T19:14:33+00:00 Volker Lendecke vl@samba.org 2020-08-11T15:30:22+00:00 f745f5b12560dbcb7be6f3ffb3bc10704c87149c Whenever send or recv return -1, we have to cancel all pending requests and our transport stream is no longer usable: Discard it upon such an error. To avoid duplicate state, tldap_connection_ok() now looks at whether we have a tstream_context around. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Whenever send or recv return -1, we have to cancel all pending
requests and our transport stream is no longer usable: Discard it upon
such an error.

To avoid duplicate state, tldap_connection_ok() now looks at whether
we have a tstream_context around.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
tldap: Maintain the ldap read request in tldap_context 2020-08-21T19:14:33+00:00 Volker Lendecke vl@samba.org 2020-08-11T15:14:14+00:00 cb852c9dc0d0fa1d3e7473082ad6b460106b314b Required for proper connection rundown, we need to TALLOC_FREE() the read request before shutting down the tstream Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Required for proper connection rundown, we need to TALLOC_FREE() the
read request before shutting down the tstream

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
tldap: Always remove ourselves from ld->pending at cleanup time 2020-08-21T19:14:33+00:00 Volker Lendecke vl@samba.org 2020-08-17T19:59:48+00:00 14f6d1996ec38620b1c05a3b6c0e26dd21801fac Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
tldap: Fix tldap_msg_received() 2020-08-21T19:14:33+00:00 Volker Lendecke vl@samba.org 2020-08-11T14:54:34+00:00 f816ccb8f4d212fe7f6bf36f90cbb9297c899786 The callback of "req" might have destroyed "ld", we can't reference this anymore after calling tevent_req_done(req). Defer calling the callbacks, which also means that the callbacks can't have added anything to ld->pending. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
The callback of "req" might have destroyed "ld", we can't reference
this anymore after calling tevent_req_done(req). Defer calling the
callbacks, which also means that the callbacks can't have added
anything to ld->pending.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
tldap: Only free() ld->pending if "req" is part of it 2020-08-21T19:14:32+00:00 Volker Lendecke vl@samba.org 2020-08-11T14:16:12+00:00 b85dbc9ccf80d8c19aff33c1da83954e5d6a37ef Best reviewed with "git show -U10". We need to check that "req" is actually the last request that is being freed before freeing the whole array. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Best reviewed with "git show -U10". We need to check that "req" is
actually the last request that is being freed before freeing the whole
array.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth 2020-05-04T02:59:31+00:00 Gary Lockyer gary@catalyst.net.nz 2020-04-02T23:18:03+00:00 f467727db5ff6a6e58d9b590e4d443a1d974b679 Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>