From: Jeremy Allison Date: Sat, 12 Aug 2023 00:28:53 +0000 (-0700) Subject: s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to. X-Git-Tag: samba-4.17.11~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fca63c10314ca16e30d45880957f0e84d55296ae;p=thirdparty%2Fsamba.git s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to. Remove the now unneeded req->xxx = NULL assignments (and the deliberately bogus req->session = (void *)0xDEADBEEF one used to demonstrate the bug). Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Tue Aug 15 12:06:36 UTC 2023 on atb-devel-224 (Back-ported from commit 4145bfb1b5a3639caf26a310d612aec29fc00117) Autobuild-User(v4-17-test): Jule Anger Autobuild-Date(v4-17-test): Thu Aug 17 12:23:05 UTC 2023 on sn-devel-184 --- diff --git a/selftest/knownfail.d/smb1_negprot_tcon b/selftest/knownfail.d/smb1_negprot_tcon deleted file mode 100644 index 4f620948c31..00000000000 --- a/selftest/knownfail.d/smb1_negprot_tcon +++ /dev/null @@ -1 +0,0 @@ -^samba3.smbtorture_s3.smb1.SMB1-NEGOTIATE-TCON.smbtorture\(fileserver_smb1\) diff --git a/source3/smbd/smb2_process.c b/source3/smbd/smb2_process.c index e003cbaf481..11f556c88ac 100644 --- a/source3/smbd/smb2_process.c +++ b/source3/smbd/smb2_process.c @@ -764,6 +764,8 @@ bool init_smb1_request(struct smb_request *req, return false; } + *req = (struct smb_request) { .cmd = 0}; + req->request_time = timeval_current(); now = timeval_to_nttime(&req->request_time); 
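Review bot: The new `*req = (struct smb_request) { .cmd = 0};` sits after the early `return false;` visible at the top of this hunk, so on that failure path the struct still holds whatever bytes the caller passed in. The function starts and ends outside the hunk, so I cannot see whether any caller reads or tears down `req` after a false return. If one does, moving the assignment above the first validation check would leave a fully defined struct on every exit path. The later hunks remove the individual resets of `req->conn`, `req->chain_fsp`, `req->smb2req`, `req->chain`, `req->session` and `req->outbuf`, so those pointers being NULL now depends on this one line alone. I would record that above it with a comment such as `/* Zero every member first: conn, session, chain and outbuf are no longer reset individually below. */` so it is not moved or dropped in a later cleanup.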
@@ -782,18 +784,13 @@ bool init_smb1_request(struct smb_request *req, req->encrypted = encrypted; req->sconn = sconn; req->xconn = xconn; - req->conn = NULL; if (xconn != NULL) { status = smb1srv_tcon_lookup(xconn, req->tid, now, &tcon); if (NT_STATUS_IS_OK(status)) { req->conn = tcon->compat; } } - req->chain_fsp = NULL; - req->smb2req = NULL; - req->chain = NULL; req->posix_pathnames = lp_posix_pathnames(); - req->session = (void *)0xDEADBEEF; smb_init_perfcount_data(&req->pcd); /* Ensure we have at least wct words and 2 bytes of bcc. */ @@ -813,7 +810,6 @@ bool init_smb1_request(struct smb_request *req, return false; } - req->outbuf = NULL; return true; }