I'm hereby requesting approval from the release team to upload a new version of samba, meant to fix #574468...and, indeed, #606350 (originally reported against sasl2-bin). #606350 is indeed an example of the consequences of this file descriptor leak, predicted in #57468. The leak could also, for instance, lead to deny service on Apache servers that use auth_pam....on systems where pam_winbind is used. The proposed patch (attached) has been successfully tested by the submitter of #606350. --
Index: samba/nsswitch/winbind_client.h =================================================================== --- samba.orig/nsswitch/winbind_client.h +++ samba/nsswitch/winbind_client.h @@ -25,6 +25,6 @@ int winbind_write_sock(void *buffer, int count, int recursing, int need_priv); int winbind_read_sock(void *buffer, int count); -void winbind_close_sock(void); +void winbind_close_sock(void) __attribute__((destructor)); const char *nss_err_str(NSS_STATUS ret);
Attachment:
signature.asc
Description: Digital signature