svn commit: samba r17918 - in branches/SAMBA_3_0_RELEASE/source: nmbd rpc_parse rpc_server torture utils web

jerry at samba.org jerry at samba.org
Tue Aug 29 16:07:13 GMT 2006 

Author: jerry
Date: 2006-08-29 16:07:10 +0000 (Tue, 29 Aug 2006)
New Revision: 17918

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17918

Log:
* NULL deref fixes
* time fixes for tortore
* nmbd crash fix


Modified:
   branches/SAMBA_3_0_RELEASE/source/nmbd/nmbd_namequery.c
   branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_samr.c
   branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_srvsvc_nt.c
   branches/SAMBA_3_0_RELEASE/source/torture/torture.c
   branches/SAMBA_3_0_RELEASE/source/utils/ntlm_auth.c
   branches/SAMBA_3_0_RELEASE/source/web/cgi.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/nmbd/nmbd_namequery.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nmbd/nmbd_namequery.c	2006-08-29 16:05:28 UTC (rev 17917)
+++ branches/SAMBA_3_0_RELEASE/source/nmbd/nmbd_namequery.c	2006-08-29 16:07:10 UTC (rev 17918)
@@ -59,7 +59,15 @@
   
 			rrec->repeat_count = 0;
 			/* How long we should wait for. */
-			rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+			if (nmb->answers) {
+				rrec->repeat_time = p->timestamp + nmb->answers->ttl;
+			} else {
+				/* No answer - this is probably a corrupt
+				   packet.... */
+				DEBUG(0,("query_name_response: missing answer record in "
+					"NMB_WACK_OPCODE response.\n"));
+				rrec->repeat_time = p->timestamp + 10;
+			}
 			rrec->num_msgs--;
 			return;
 		} else if(nmb->header.rcode != 0) {

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_samr.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_samr.c	2006-08-29 16:05:28 UTC (rev 17917)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_samr.c	2006-08-29 16:07:10 UTC (rev 17918)
@@ -6895,8 +6895,7 @@
 	q_u->switch_value = switch_value;
 	q_u->ctr = ctr;
 
-	if (q_u->ctr != NULL)
-		q_u->ctr->switch_value = switch_value;
+	q_u->ctr->switch_value = switch_value;
 
 	switch (switch_value) {
 	case 18:

Modified: branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_srvsvc_nt.c	2006-08-29 16:05:28 UTC (rev 17917)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_srvsvc_nt.c	2006-08-29 16:07:10 UTC (rev 17918)
@@ -653,7 +653,9 @@
 	(*stot) = list_sessions(&session_list);
 
 	if (ss0 == NULL) {
-		(*snum) = 0;
+		if (snum) {
+			(*snum) = 0;
+		}
 		SAFE_FREE(session_list);
 		return;
 	}

Modified: branches/SAMBA_3_0_RELEASE/source/torture/torture.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/torture/torture.c	2006-08-29 16:05:28 UTC (rev 17917)
+++ branches/SAMBA_3_0_RELEASE/source/torture/torture.c	2006-08-29 16:07:10 UTC (rev 17918)
@@ -2433,8 +2433,8 @@
 	fnum = cli_open(cli, fname, 
 			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
 	cli_close(cli, fnum);
-	if (!cli_qpathinfo2(cli, fname, &c_time, &a_time, &m_time, 
-			    &w_time, &size, NULL, NULL)) {
+	if (!cli_qpathinfo2(cli, fname, &c_time, &a_time, &w_time, 
+			    &m_time, &size, NULL, NULL)) {
 		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	} else {
@@ -2455,8 +2455,8 @@
 		correct = False;
 	}
 	sleep(3);
-	if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time, 
-			    &w_time, &size, NULL, NULL)) {
+	if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &w_time, 
+			    &m_time, &size, NULL, NULL)) {
 		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	}
@@ -2465,8 +2465,8 @@
 			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
 	cli_write(cli, fnum,  0, (char *)&fnum, 0, sizeof(fnum));
 	cli_close(cli, fnum);
-	if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &m_time2, 
-			    &w_time, &size, NULL, NULL)) {
+	if (!cli_qpathinfo2(cli, "\\trans2\\", &c_time, &a_time, &w_time, 
+			    &m_time2, &size, NULL, NULL)) {
 		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(cli));
 		correct = False;
 	} else {

Modified: branches/SAMBA_3_0_RELEASE/source/utils/ntlm_auth.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/ntlm_auth.c	2006-08-29 16:05:28 UTC (rev 17917)
+++ branches/SAMBA_3_0_RELEASE/source/utils/ntlm_auth.c	2006-08-29 16:07:10 UTC (rev 17918)
@@ -1097,7 +1097,6 @@
 	if (client_ntlmssp_state == NULL) {
 		DEBUG(1, ("Got NTLMSSP tArg without a client state\n"));
 		x_fprintf(x_stdout, "BH\n");
-		ntlmssp_end(&client_ntlmssp_state);
 		return;
 	}
 

Modified: branches/SAMBA_3_0_RELEASE/source/web/cgi.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/web/cgi.c	2006-08-29 16:05:28 UTC (rev 17917)
+++ branches/SAMBA_3_0_RELEASE/source/web/cgi.c	2006-08-29 16:07:10 UTC (rev 17918)
@@ -80,8 +80,9 @@
 
 	}
 	
-
-	ret[i] = 0;
+	if (ret) {
+		ret[i] = 0;
+	}
 	return ret;
 }

More information about the samba-cvs mailing list