Replace all char with uint8_t #2
Comments
tguillem
added a commit
to tguillem/libsmb2
that referenced
this issue
Nov 16, 2020
The dcerpc_context can be freed from pdu callbacks but was used after
for freeing the pdu. So free the pdu using the dcerpc_context before
calling callbacks.
Asan trace:
=218284==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060006ff680 at pc 0x7f9104b4ed1b bp 0x7f9104d1bfc0 sp 0x7f9104d1bfb8
READ of size 8 at 0x6060006ff680 thread T25
#0 0x7f9104b4ed1a in dcerpc_free_pdu ../../lib/dcerpc.c:428
sahlberg#1 0x7f9104b4f7b7 in smb2_bind_cb ../../lib/dcerpc.c:1563
sahlberg#2 0x7f9104b561e7 in smb2_destroy_context ../../lib/init.c:320
sahlberg#3 0x7f9104bdab4d in vlc_smb2_open_share ../../modules/access/smb2.c:602
sahlberg#4 0x7f9104bdb5f3 in Open ../../modules/access/smb2.c:713
0x6060006ff680 is located 0 bytes inside of 56-byte region [0x6060006ff680,0x6060006ff6b8)
freed by thread T25 here:
#0 0x7f912c570b6f in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xa9b6f)
sahlberg#1 0x7f9104b4eca7 in dcerpc_destroy_context ../../lib/dcerpc.c:417
sahlberg#2 0x7f9104b773df in share_enum_bind_cb ../../lib/smb2-share-enum.c:111
sahlberg#3 0x7f9104b4cc89 in dcerpc_bind_cb ../../lib/dcerpc.c:1540
sahlberg#4 0x7f9104b4f7ac in smb2_bind_cb ../../lib/dcerpc.c:1562
sahlberg#5 0x7f9104b561e7 in smb2_destroy_context ../../lib/init.c:320
sahlberg#6 0x7f9104bdab4d in vlc_smb2_open_share ../../modules/access/smb2.c:602
sahlberg#7 0x7f9104bdb5f3 in Open ../../modules/access/smb2.c:713
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: