svn commit: samba r14170 - in branches/SAMBA_3_0/source: libads smbd
jra at samba.org
jra at samba.org
Fri Mar 10 18:32:18 GMT 2006
Author: jra
Date: 2006-03-10 18:32:18 +0000 (Fri, 10 Mar 2006)
New Revision: 14170
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14170
Log:
Paranioa fix for sesssetup.
Fix Coverity bug #26. Guard against NULL ref.
Jeremy.
Modified:
branches/SAMBA_3_0/source/libads/krb5_setpw.c
branches/SAMBA_3_0/source/smbd/sesssetup.c
Changeset:
Modified: branches/SAMBA_3_0/source/libads/krb5_setpw.c
===================================================================
--- branches/SAMBA_3_0/source/libads/krb5_setpw.c 2006-03-10 17:52:52 UTC (rev 14169)
+++ branches/SAMBA_3_0/source/libads/krb5_setpw.c 2006-03-10 18:32:18 UTC (rev 14170)
@@ -65,19 +65,22 @@
princ = SMB_STRDUP(principal);
if ((c = strchr_m(princ, '/')) == NULL) {
- c = princ;
+ c = princ;
} else {
- *c = '\0';
- c++;
- princ_part1 = princ;
+ *c = '\0';
+ c++;
+ princ_part1 = princ;
}
princ_part2 = c;
if ((c = strchr_m(c, '@')) != NULL) {
- *c = '\0';
- c++;
- realm = c;
+ *c = '\0';
+ c++;
+ realm = c;
+ } else {
+ /* We must have a realm component. */
+ return data_blob(NULL, 0);
}
memset(&req, 0, sizeof(req));
@@ -97,8 +100,9 @@
asn1_push_tag(&req, ASN1_CONTEXT(1));
asn1_push_tag(&req, ASN1_SEQUENCE(0));
- if (princ_part1)
- asn1_write_GeneralString(&req, princ_part1);
+ if (princ_part1) {
+ asn1_write_GeneralString(&req, princ_part1);
+ }
asn1_write_GeneralString(&req, princ_part2);
asn1_pop_tag(&req);
@@ -151,6 +155,10 @@
else
return EINVAL;
+ if (setpw.data == NULL || setpw.length == 0) {
+ return EINVAL;
+ }
+
encoded_setpw.data = (char *)setpw.data;
encoded_setpw.length = setpw.length;
Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-03-10 17:52:52 UTC (rev 14169)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-03-10 18:32:18 UTC (rev 14170)
@@ -1079,6 +1079,11 @@
return ERROR_NT(nt_status_squash(nt_status));
}
+ /* Ensure we can't possible take a code path leading to a null defref. */
+ if (!server_info) {
+ return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ }
+
nt_status = create_local_token(server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_local_token failed: %s\n",
More information about the samba-cvs
mailing list