9881 smbd terminated by SIGABRT after smb_account_free()
Review Request #1229 — Created Oct. 10, 2018 and submitted
Information | |
---|---|
vgusev | |
illumos-gate | |
master | |
9881 | |
39a1b92... | |
Reviewers | |
general | |
gwr, jbk |
Fix double free when lsa_lookup_sid() failed
A double free can occur if lsa_lookup_sid() returns an error with a polluted @info argument.
The lsa_LookupSids and lsa_LookupSids2 calls are vulnerable.
Before fix:
~# rpcclient -U ""%"" -c "lookupsids S-1-5" 192.168.1.18
result was NT_STATUS_IO_TIMEOUT
And core files at smb server side (/core.smbd.1538999930).
After fix:
~# rpcclient -U ""%"" -c "lookupsids S-1-5" 192.168.1.18
S-1-5 unknown*unknown* (8)
No core files at server side.
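
The failure pattern described in this request, as a simplified model added here (not illumos code and not the change under review): a lookup that fails after partially filling its out-argument, and a caller that frees that argument on every path. The toy slot allocator, `account_t`, the `scrub` flag and the use of "S-1-5" as the failing input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy slot allocator: records a second free instead of corrupting a real heap. */
enum { SLOTS = 8, SLOT_SZ = 32 };
static char pool[SLOTS][SLOT_SZ];
static int in_use[SLOTS], double_frees;

static char *t_dup(const char *s) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) {
            in_use[i] = 1;
            snprintf(pool[i], SLOT_SZ, "%s", s);
            return pool[i];
        }
    return NULL;
}

static void t_free(char *p) {
    for (int i = 0; p != NULL && i < SLOTS; i++)
        if (p == pool[i]) { if (in_use[i]) in_use[i] = 0; else double_frees++; }
}

/* Hypothetical stand-in for the account info structure (not the illumos type). */
typedef struct { char *name; char *domain; } account_t;
static void account_free(account_t *a) { t_free(a->name); t_free(a->domain); }

/* Model lookup that fails for the constructed input "S-1-5" after a partial fill.
 * scrub=0 leaves the freed pointer in *info ("polluted"); scrub=1 clears it. */
static int lookup_sid(const char *sid, account_t *info, int scrub) {
    info->domain = t_dup("NT Authority");
    if (strcmp(sid, "S-1-5") == 0) {
        t_free(info->domain);            /* error-path cleanup inside the callee */
        if (scrub) info->domain = NULL;  /* hardened: no dangling pointer left behind */
        return -1;
    }
    info->name = t_dup("SYSTEM");
    return 0;
}

/* Caller frees info on every path; returns the number of double frees seen. */
static int handle_request(const char *sid, int scrub) {
    account_t info = { NULL, NULL };
    double_frees = 0;
    lookup_sid(sid, &info, scrub);
    account_free(&info);
    return double_frees;
}

int main(void) { printf("polluted=%d scrubbed=%d\n", handle_request("S-1-5", 0), handle_request("S-1-5", 1)); return 0; }
```

With a real allocator the second free in the polluted case is what aborts the process, which matches the SIGABRT in the title.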