From 0a044e409dede6a51c32d269e82c17f6b8f5abf0 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 11 Aug 2023 17:28:53 -0700
Subject: [PATCH] s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.

Remove the now unneeded req->xxx = NULL assignments (and the deliberately bogus req->session = (void *)0xDEADBEEF one used to demonstrate the bug).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432

Signed-off-by: Jeremy Allison
Reviewed-by: Noel Power

Autobuild-User(master): Noel Power
Autobuild-Date(master): Tue Aug 15 12:06:36 UTC 2023 on atb-devel-224

(Back-ported from commit 4145bfb1b5a3639caf26a310d612aec29fc00117)

Autobuild-User(v4-18-test): Jule Anger
Autobuild-Date(v4-18-test): Fri Aug 18 14:07:39 UTC 2023 on atb-devel-224
---
 selftest/knownfail.d/smb1_negprot_tcon | 1 -
 source3/smbd/smb2_process.c | 8 ++------
 2 files changed, 2 insertions(+), 7 deletions(-)
 delete mode 100644 selftest/knownfail.d/smb1_negprot_tcon

diff --git a/selftest/knownfail.d/smb1_negprot_tcon b/selftest/knownfail.d/smb1_negprot_tcon
deleted file mode 100644
index 4f620948c31..00000000000
--- a/selftest/knownfail.d/smb1_negprot_tcon
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smbtorture_s3.smb1.SMB1-NEGOTIATE-TCON.smbtorture\(fileserver_smb1\)
diff --git a/source3/smbd/smb2_process.c b/source3/smbd/smb2_process.c
index e003cbaf481..11f556c88ac 100644
--- a/source3/smbd/smb2_process.c
+++ b/source3/smbd/smb2_process.c
@@ -764,6 +764,8 @@ bool init_smb1_request(struct smb_request *req,
 return false;
 }

+ *req = (struct smb_request) { .cmd = 0};
+
 req->request_time = timeval_current();
 now = timeval_to_nttime(&req->request_time);
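Review bot: The new `*req = (struct smb_request) { .cmd = 0};` runs only after the early `return false;` shown as context at the top of this hunk, so on that failure path the caller's struct keeps whatever bytes it was allocated with. If any caller reads or releases req fields after a false return, that would presumably be the same kind of stale-field read the commit message demonstrates with req->session; hoisting the assignment above the first early return (assuming that check does not depend on req) would make the zeroing unconditional. A short comment at the assignment would also record the intent, e.g. `/* req may point at uninitialized memory; zero it so members not assigned below (e.g. req->session) start out NULL/0. */`. The function starts before and continues past this hunk, so the condition guarding that early return and the callers' failure handling are not visible here.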
@@ -782,18 +784,13 @@ bool init_smb1_request(struct smb_request *req,
 req->encrypted = encrypted;
 req->sconn = sconn;
 req->xconn = xconn;
- req->conn = NULL;
 if (xconn != NULL) {
 status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon);
 if (NT_STATUS_IS_OK(status)) {
 req->conn = tcon->compat;
 }
 }
- req->chain_fsp = NULL;
- req->smb2req = NULL;
- req->chain = NULL;
 req->posix_pathnames = lp_posix_pathnames();
- req->session = (void *)0xDEADBEEF;
 smb_init_perfcount_data(&req->pcd);

 /* Ensure we have at least wct words and 2 bytes of bcc. */
@@ -813,7 +810,6 @@ bool init_smb1_request(struct smb_request *req,
 return false;
 }

- req->outbuf = NULL;
 return true;
 }

--
2.47.3