From: Jeremy Allison Date: Wed, 6 May 2020 19:36:00 +0000 (-0700) Subject: s3: RPC: Don't crash on trying to talloc_free(-1) if smb_iconv_open_ex() fails. X-Git-Tag: ldb-2.2.0~627 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=14df5d20a8ec00bf8627732284f427f6463177e3;p=thirdparty%2Fsamba.git s3: RPC: Don't crash on trying to talloc_free(-1) if smb_iconv_open_ex() fails. Assign output from smb_iconv_open_ex() to a temporary handle. Only assign to mds_ctx->[handles] if correctly opened otherwise we end up trying to call smb_iconv_close(-1). MacOSX Catalina triggers this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14372 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu May 7 18:03:16 UTC 2020 on sn-devel-184 --- diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c index fce3335d602..d6edc1c1686 100644 --- a/source3/rpc_server/mdssvc/mdssvc.c +++ b/source3/rpc_server/mdssvc/mdssvc.c @@ -1528,6 +1528,7 @@ struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx, struct mds_ctx *mds_ctx; int backend; bool ok; + smb_iconv_t iconv_hnd = (smb_iconv_t)-1; mds_ctx = talloc_zero(mem_ctx, struct mds_ctx); if (mds_ctx == NULL) { @@ -1566,21 +1567,23 @@ struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx, goto error; } - mds_ctx->ic_nfc_to_nfd = smb_iconv_open_ex(mds_ctx, + iconv_hnd = smb_iconv_open_ex(mds_ctx, "UTF8-NFD", "UTF8-NFC", false); - if (mds_ctx->ic_nfc_to_nfd == (smb_iconv_t)-1) { + if (iconv_hnd == (smb_iconv_t)-1) { goto error; } + mds_ctx->ic_nfc_to_nfd = iconv_hnd; - mds_ctx->ic_nfd_to_nfc = smb_iconv_open_ex(mds_ctx, + iconv_hnd = smb_iconv_open_ex(mds_ctx, "UTF8-NFC", "UTF8-NFD", false); - if (mds_ctx->ic_nfd_to_nfc == (smb_iconv_t)-1) { + if (iconv_hnd == (smb_iconv_t)-1) { goto error; } + mds_ctx->ic_nfd_to_nfc = iconv_hnd; mds_ctx->sharename = talloc_strdup(mds_ctx, sharename); if (mds_ctx->sharename == NULL) {
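Review bot: In the first hunk (@@ -1528), the `(smb_iconv_t)-1` initialiser on the new `iconv_hnd` is never read, because both uses in the second hunk assign from smb_iconv_open_ex() before testing it. What protects the error path is the `talloc_zero()` just below, which leaves `ic_nfc_to_nfd` and `ic_nfd_to_nfc` zeroed when an open fails. The cleanup that releases those handles is not part of this diff, so it is worth confirming that it skips a zero handle as well as no longer seeing -1. A short comment next to the declaration stating that the struct fields must only ever hold a valid handle or zero would keep a later change from reintroducing the direct assignment.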
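Review bot: In the second hunk (@@ -1566), both `if (iconv_hnd == (smb_iconv_t)-1) { goto error; }` branches fail without logging anything, so an administrator whose server lacks one of the "UTF8-NFD"/"UTF8-NFC" conversions only sees mds_init_ctx() fail, with no indication of which open was refused. Suggest a DBG_ERR() in each branch naming the charset pair before the `goto error`. The two blocks are also identical apart from the charset arguments and the destination field, so a small static helper that opens into a temporary and stores only on success would keep the "never store -1 in mds_ctx" rule in one place.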