samba/sme10/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch

From 137649fc01e6914bbb86a2f5f16c7e03a2fa132d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Fri, 22 Jan 2016 11:44:03 +0200
Subject: [PATCH] s3-parm: clean up defaults when removing global parameters

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693

When globals are re-initialized, they are cleared and globals' talloc
context is freed. However, parm_table still contains a reference to the
global value in the defaults. This confuses lpcfg_string_free() after
commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to
free already freed pointer which is passed by lp_save_defaults():

....
    case P_STRING:
    case P_USTRING:
                  lpcfg_string_set(Globals.ctx,
                                   &parm_table[i].def.svalue,
                                   *(char **)lp_parm_ptr(NULL, &parm_table[i]));
....

here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it
is a pointer to a value allocated with previous Globals.ctx which
already was freed.

This specifically affects registry backend of smb.conf in lp_load_ex()
where init_globals() called explicitly to re-init globals after
lp_save_defaults() if we have registry backend defined.

Reviewed-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144
---
 source3/param/loadparm.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 94de252..9bd47dc 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -402,8 +402,25 @@ static void free_parameters_by_snum(int snum)
  */
 static void free_global_parameters(void)
 {
+       uint32_t i;
+       struct parm_struct *parm;
+
        free_param_opts(&Globals.param_opt);
        free_parameters_by_snum(GLOBAL_SECTION_SNUM);
+
+       /* Reset references in the defaults because the context is going to be freed */
+       for (i=0; parm_table[i].label; i++) {
+               parm = &parm_table[i];
+               if ((parm->type == P_STRING) ||
+                   (parm->type == P_USTRING)) {
+                       if ((parm->def.svalue != NULL) &&
+                           (*(parm->def.svalue) != '\0')) {
+                               if (talloc_parent(parm->def.svalue) == Globals.ctx) {
+                                       parm->def.svalue = NULL;
+                               }
+                       }
+               }
+       }
        TALLOC_FREE(Globals.ctx);
 }
 
-- 
2.5.5

1	vip-ire	1.1	From 137649fc01e6914bbb86a2f5f16c7e03a2fa132d Mon Sep 17 00:00:00 2001
2			From: Alexander Bokovoy <ab@samba.org>
3			Date: Fri, 22 Jan 2016 11:44:03 +0200
4			Subject: [PATCH] s3-parm: clean up defaults when removing global parameters
5
6			BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693
7
8			When globals are re-initialized, they are cleared and globals' talloc
9			context is freed. However, parm_table still contains a reference to the
10			global value in the defaults. This confuses lpcfg_string_free() after
11			commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to
12			free already freed pointer which is passed by lp_save_defaults():
13
14			....
15			case P_STRING:
16			case P_USTRING:
17			lpcfg_string_set(Globals.ctx,
18			&parm_table[i].def.svalue,
19			(char *)lp_parm_ptr(NULL, &parm_table[i]));
20			....
21
22			here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it
23			is a pointer to a value allocated with previous Globals.ctx which
24			already was freed.
25
26			This specifically affects registry backend of smb.conf in lp_load_ex()
27			where init_globals() called explicitly to re-init globals after
28			lp_save_defaults() if we have registry backend defined.
29
30			Reviewed-by: Uri Simchoni <uri@samba.org>
31			Signed-off-by: Alexander Bokovoy <ab@samba.org>
32
33			Autobuild-User(master): Uri Simchoni <uri@samba.org>
34			Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144
35			---
36			source3/param/loadparm.c \| 17 +++++++++++++++++
37			1 file changed, 17 insertions(+)
38
39			diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
40			index 94de252..9bd47dc 100644
41			--- a/source3/param/loadparm.c
42			+++ b/source3/param/loadparm.c
43			@@ -402,8 +402,25 @@ static void free_parameters_by_snum(int snum)
44			*/
45			static void free_global_parameters(void)
46			{
47			+ uint32_t i;
48			+ struct parm_struct *parm;
49			+
50			free_param_opts(&Globals.param_opt);
51			free_parameters_by_snum(GLOBAL_SECTION_SNUM);
52			+
53			+ /* Reset references in the defaults because the context is going to be freed */
54			+ for (i=0; parm_table[i].label; i++) {
55			+ parm = &parm_table[i];
56			+ if ((parm->type == P_STRING) \|\|
57			+ (parm->type == P_USTRING)) {
58			+ if ((parm->def.svalue != NULL) &&
59			+ (*(parm->def.svalue) != '\0')) {
60			+ if (talloc_parent(parm->def.svalue) == Globals.ctx) {
61			+ parm->def.svalue = NULL;
62			+ }
63			+ }
64			+ }
65			+ }
66			TALLOC_FREE(Globals.ctx);
67			}
68
69			--
70			2.5.5
71