| Age | Commit message | Author | Files | Lines |
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Like talloc_realloc, zeroing out expanded memory
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
We don't use 'ap' again after this.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
This comment originally referred, not to a va_copy() call, but to the
use of &c with vsnprintf() rather than passing in NULL with a length of
zero.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Ensuring pointers are always initialised avoids compilation errors with
FORTIFY_SOURCE=2.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
I wanted to use this in debug.c, but this would have meant polluting
debug's deps with a lot of stuff. Also, looking through uses of
talloc_asprint_append(), very many of those don't do NULL checks
properly and could benefit from the _addbuf() flavor. We can add a
vasprintf variant later if the need shows up.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This is now never set, and also never tested, and only makes
the talloc code more complicated.
Once this is gone we can start looking at the memlimit
stuff.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
|
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
We only have to do the memlimit check before any
real malloc or realloc. Allocations out of a
memory pool have already been counted in the
memory limit, so don't check in those cases.
This is an application-visible change (although
fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
ALWAYS_REALLOC compiled case.
tc_alloc_pool() or the fallback malloc can return NULL.
Wait until we know we are returning a valid pointer
before decrementing pool_hdr->object_count due to
reallocing out of the talloc_pool.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Match other use of ALWAYS_REALLOC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This should address a lot of issues reported by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
warning: cast from 'char *' to 'struct talloc_chunk *' increases required
alignment from 1 to 8
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 19 12:38:50 UTC 2019 on sn-devel-144
|
|
lib/talloc/talloc.c:2419: runtime error: null pointer passed as argument
2, which is declared to never be null
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
The change for https://bugzilla.samba.org/show_bug.cgi?id=7587
("talloc_autofree_context() in shared libraries and plugins is a bad idea on FreeBSD")
(commit 41b6810ba01f44537f470c806adb8686e1a39c48)
causes the following for sssd on Linux:
Stack trace of thread 19667:
#0 0x00007f2cab91ff6b __GI_raise (libc.so.6)
#1 0x00007f2cab90a5c1 __GI_abort (libc.so.6)
#2 0x00007f2cab90a491 __assert_fail_base (libc.so.6)
#3 0x00007f2cab9186e2 __GI___assert_fail (libc.so.6)
#4 0x00007f2cb10aaca5 k5_mutex_lock (libkrb5.so.3)
#5 0x00007f2cb10ab790 k5_mutex_lock (libkrb5.so.3)
#6 0x00007f2cb10ab8f5 profile_free_file (libkrb5.so.3)
#7 0x00007f2cb10ab983 profile_close_file (libkrb5.so.3)
#8 0x00007f2cb10af249 profile_release (libkrb5.so.3)
#9 0x00007f2cb10a06c7 k5_os_free_context (libkrb5.so.3)
#10 0x00007f2cb1075a9a krb5_free_context (libkrb5.so.3)
#11 0x000055cea7cb2dd1 kcm_data_destructor (sssd_kcm)
#12 0x00007f2cac153e96 _tc_free_internal (libtalloc.so.2)
#13 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#14 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#15 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#16 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#17 0x00007f2cac14e648 _talloc_free (libtalloc.so.2)
#18 0x00007f2cac14c480 talloc_lib_fini (libtalloc.so.2)
#19 0x00007f2cb151da96 _dl_fini (ld-linux-x86-64.so.2)
#20 0x00007f2cab9226bc __run_exit_handlers (libc.so.6)
#21 0x00007f2cab9227ec __GI_exit (libc.so.6)
#22 0x00007f2cb030dc61 orderly_shutdown (libsss_util.so)
#23 0x00007f2cac365a46 tevent_common_check_signal (libtevent.so.0)
#24 0x00007f2cac367975 epoll_event_loop_once (libtevent.so.0)
#25 0x00007f2cac365dab std_event_loop_once (libtevent.so.0)
#26 0x00007f2cac362098 _tevent_loop_once (libtevent.so.0)
#27 0x00007f2cac3622eb tevent_common_loop_wait (libtevent.so.0)
#28 0x00007f2cac365d3b std_event_loop_wait (libtevent.so.0)
#29 0x00007f2cb030eb37 server_loop (libsss_util.so)
#30 0x000055cea7cb29f4 main (sssd_kcm)
#31 0x00007f2cab90c1eb __libc_start_main (libc.so.6)
#32 0x000055cea7cb2c7a _start (sssd_kcm)
We still only register one atexit handler instead of multiple ones
like in talloc 2.1.11, but avoid using a library destructor.
Bug #7587 seems to be fixed by not using talloc_autofree_context()
within samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13366
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
This may help us avoid exploits via memory read attacks on Samba by ensuring that if the read
is on an invalid chunk that the talloc magic disclosed there is not useful
to create a valid chunk and so set a destructor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13211
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
The check required for talloc_abort_magic() prevents the 'access after free error'
from being printed.
It is also no longer possible to determine the difference between invalid memory
and a talloc version mismatch as the magic is now random on many platforms.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13210
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 22 00:14:34 CET 2017 on sn-devel-144
|
|
This *isn't* a behavior change, as the previous code could potentially
return the size of null_context, which (currently) is defined as
a named talloc region of ZERO size, but this makes it very clear
what the ABI behavior should be.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 12 19:23:25 CET 2017 on sn-devel-144
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12168
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
_talloc_free_children_internal(), use it to call _tc_free_internal() directly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
extra paranoia check against destructor overwrite.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
_tc_free_internal().
Make it use a struct talloc_chunk *tc parameter. Define _talloc_free_internal()
in terms of _tc_free_internal().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Rename 'ptc' pointer to parent as it's re-used as
that name later in the function.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
struct talloc_chunk *tc as the first argument.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
not the talloc'ed pointer.
Define talloc_vasprintf() in terms of _vasprintf_tc().
We will use _vasprintf_tc() internally later.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
First argument is now struct talloc_chunk *tc.
Ensure all callers pass correct talloc chunk from given pointer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
talloc_chunk *' to tc_XXX().
We will be adding more and it ensures a consistent naming scheme.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
If a destructor reparents a child, we shouldn't exit the
loop freeing children as there may be others to process.
https://bugzilla.samba.org/show_bug.cgi?id=11901
Signed-off-by: Saji VR <saji.vr@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 5 08:33:53 CEST 2016 on sn-devel-144
|
|
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
The use of rand() is strongly discouraged, but here it is ideal, as we just want to select a different
set of random bytes if we are called again within the same process.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
By setting the talloc magic to a random value, we make it much harder to overwrite a talloc_chunk
in a valid way with a simple buffer overflow.
The flags are placed before more sensitive variables so they have to be overwritten first.
Inspired by the exploit in: http://blog.csnc.ch/wp-content/uploads/2012/07/sambaexploit_v1.0.pdf
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
If a destructor returns failure (-1) when freeing a child, talloc
must then reparent the child.
Firstly it tries the owner of any reference, next the parent of the
current object calling _talloc_free_children_internal(), and finally
the null context in the last resort.
If a destructor reparented its own object, which can be a very
desirable thing to do (a destructor can make a decision it isn't
time to die yet, and as the parent may be going away it might
want to move itself to longer-term storage) then this new parent
gets overwritten by the existing reparenting logic.
This patch checks when freeing a child if it already reparented
itself, and if it did doesn't then overwrite the new parent.
Makes destructors more flexible.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
|
|
If the destructor itself calls talloc_set_destructor()
and returns -1, the new destructor set is overwritten
by talloc.
Detect that and leave the new destructor in place.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
|
|
This avoids the following warning when using:
CFLAGS="-O3 -g -fstrict-overflow -Wstrict-overflow=5"
../talloc.c: In Funktion »talloc_is_parent«:
../talloc.c:2658:21: Warnung: assuming signed overflow does not occur when
changing X +- C1 cmp C2 to X cmp C1 +- C2 [-Wstrict-overflow]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
We need the code to be as fast as possible.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
vsnprintf is significantly more expensive than memcpy. For the
common case where the string we print is less than a kilobyte, avoid
the second vsnprintf.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 15 12:49:14 CEST 2014 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
|