svn commit: samba r14170 - in branches/SAMBA_3_0/source: libads smbd

jra at samba.org jra at samba.org
Fri Mar 10 18:32:18 GMT 2006 

Author: jra
Date: 2006-03-10 18:32:18 +0000 (Fri, 10 Mar 2006)
New Revision: 14170

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14170

Log:
Paranioa fix for sesssetup.
Fix Coverity bug #26. Guard against NULL ref.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libads/krb5_setpw.c
   branches/SAMBA_3_0/source/smbd/sesssetup.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/krb5_setpw.c
===================================================================
--- branches/SAMBA_3_0/source/libads/krb5_setpw.c	2006-03-10 17:52:52 UTC (rev 14169)
+++ branches/SAMBA_3_0/source/libads/krb5_setpw.c	2006-03-10 18:32:18 UTC (rev 14170)
@@ -65,19 +65,22 @@
 	princ = SMB_STRDUP(principal);
 
 	if ((c = strchr_m(princ, '/')) == NULL) {
-	    c = princ; 
+		c = princ; 
 	} else {
-	    *c = '\0';
-	    c++;
-	    princ_part1 = princ;
+		*c = '\0';
+		c++;
+		princ_part1 = princ;
 	}
 
 	princ_part2 = c;
 
 	if ((c = strchr_m(c, '@')) != NULL) {
-	    *c = '\0';
-	    c++;
-	    realm = c;
+		*c = '\0';
+		c++;
+		realm = c;
+	} else {
+		/* We must have a realm component. */
+		return data_blob(NULL, 0);
 	}
 
 	memset(&req, 0, sizeof(req));
@@ -97,8 +100,9 @@
 	asn1_push_tag(&req, ASN1_CONTEXT(1));
 	asn1_push_tag(&req, ASN1_SEQUENCE(0));
 
-	if (princ_part1) 
-	    asn1_write_GeneralString(&req, princ_part1);
+	if (princ_part1) {
+		asn1_write_GeneralString(&req, princ_part1);
+	}
 	
 	asn1_write_GeneralString(&req, princ_part2);
 	asn1_pop_tag(&req);
@@ -151,6 +155,10 @@
 	else
 		return EINVAL;
 
+	if (setpw.data == NULL || setpw.length == 0) {
+		return EINVAL;
+	}
+
 	encoded_setpw.data = (char *)setpw.data;
 	encoded_setpw.length = setpw.length;
 

Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/sesssetup.c	2006-03-10 17:52:52 UTC (rev 14169)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c	2006-03-10 18:32:18 UTC (rev 14170)
@@ -1079,6 +1079,11 @@
 		return ERROR_NT(nt_status_squash(nt_status));
 	}
 
+	/* Ensure we can't possible take a code path leading to a null defref. */
+	if (!server_info) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
 	nt_status = create_local_token(server_info);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(10, ("create_local_token failed: %s\n",

More information about the samba-cvs mailing list