From: Andreas Schneider <asn@samba.org>
Date: Thu, 23 Nov 2023 14:53:29 +0000 (+0100)
Subject: s3:libsmb: Pass a memory context to get_ipc_connect()
X-Git-Tag: tdb-1.4.11~907
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96b5cfe4e6c4b727c286b0856446c1d5a31b920b;p=thirdparty%2Fsamba.git

s3:libsmb: Pass a memory context to get_ipc_connect()

Indirect leak of 792 byte(s) in 1 object(s) allocated from:                                                                                                                              #0 0x7f261b8dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f261b2c2bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783                                                                                                              #2 0x7f261b2c473d in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f261b2c473d in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f261b2c473d in _talloc_zero ../../lib/talloc/talloc.c:2421                                                                                                                     #5 0x7f2618cb42bc in smbXcli_conn_create ../../libcli/smb/smbXcli_base.c:350
    #6 0x7f261a74acd3 in cli_state_create ../../source3/libsmb/clientgen.c:196                                                                                                           #7 0x7f261a751f0d in cli_connect_nb_done ../../source3/libsmb/cliconnect.c:2715
    #8 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177                                                                                                   #9 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #10 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240                                                                                                             #11 0x7f261a752dde in cli_connect_sock_done ../../source3/libsmb/cliconnect.c:2624
    #12 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #13 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #14 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #15 0x7f261a7ba2c4 in smbsock_any_connect_connected ../../source3/libsmb/smbsock_connect.c:788
    #16 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #17 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #18 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #19 0x7f261a7b75ad in smbsock_connect_connected ../../source3/libsmb/smbsock_connect.c:524
    #20 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #21 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #22 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #23 0x7f261b4b400a in open_socket_out_connected ../../source3/lib/util_sock.c:484
    #24 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #25 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #26 0x7f261a69be3e in tevent_req_trigger ../../lib/tevent/tevent_req.c:291
    #27 0x7f261a699df4 in tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:190
    #28 0x7f261a699e31 in tevent_common_loop_immediate ../../lib/tevent/tevent_immediate.c:236
    #29 0x7f261a6ad3ec in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:905
    #30 0x7f261a6a679e in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #31 0x7f261a696538 in _tevent_loop_once ../../lib/tevent/tevent.c:820

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Apr 29 09:48:47 UTC 2024 on atb-devel-224
---

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index c7bb2a37540..724cdfb99ea 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -3958,7 +3958,8 @@ fail:
 
 /* Return a cli_state pointing at the IPC$ share for the given server */
 
-static struct cli_state *get_ipc_connect(char *server,
+static struct cli_state *get_ipc_connect(TALLOC_CTX *mem_ctx,
+					 char *server,
 					 struct sockaddr_storage *server_ss,
 					 struct cli_credentials *creds)
 {
@@ -3969,7 +3970,7 @@ static struct cli_state *get_ipc_connect(char *server,
 	flags |= CLI_FULL_CONNECTION_FORCE_SMB1;
 	flags |= CLI_FULL_CONNECTION_IPC;
 
-	nt_status = cli_full_connection_creds(NULL,
+	nt_status = cli_full_connection_creds(mem_ctx,
 					      &cli,
 					      NULL,
 					      server,
@@ -3988,7 +3989,7 @@ static struct cli_state *get_ipc_connect(char *server,
 	    fstring remote_name;
 
 	    if (name_status_find("*", 0, 0, server_ss, remote_name)) {
-		cli = get_ipc_connect(remote_name, server_ss, creds);
+		cli = get_ipc_connect(mem_ctx, remote_name, server_ss, creds);
 		if (cli)
 		    return cli;
 	    }
@@ -4053,7 +4054,7 @@ struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
 	DEBUG(4, ("found master browser %s, %s\n", name, addr));
 
 	print_sockaddr(addr, sizeof(addr), &server_ss);
-	cli = get_ipc_connect(addr, &server_ss, creds);
+	cli = get_ipc_connect(ctx, addr, &server_ss, creds);
 
 	return cli;
 }