[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Sun Mar 27 15:12:01 MDT 2011
The branch, master has been updated
via a414356 s3: Fix Coverity ID 2188: MISSING_BREAK
via ba92c45 s3: Fix Coverity ID 2189: MISSING_BREAK
via 25397de tdb: Fix Coverity ID 2192: NO_EFFECT
via 261d6b0 s3: Fix Coverity ID 2195: NO_EFFECT
via 8d9cbc7 librpc: Add some error checking to dcerpc_floor_pack_rhs_if_version_data
via 9370c28 librpc: Fix Coverity ID 2198: NULL_RETURNS
via 240aeeb s3: Fix Coverity ID 2200: NULL_RETURNS (cut&paste error)
via 6bee354 s3: Fix Coverity ID 2228: RESOURCE_LEAK
via 7e6030a s3: Fix Coverity ID 2226: RESOURCE_LEAK
via c07be5f s3: Fix Coverity ID 976: BAD_SIZEOF
via a431394 s3: Fix Coverity ID 958: BAD_SIZEOF
via 8db0374 s3: Fix Coverity ID 682: NEGATIVE_RETURNS
via 1a1675b s3: Fix Coverity ID 590: DEADCODE
via 30085eb s3: Fix Coverity ID 585: NEGATIVE_RETURNS
via 08e4e7f s3: Fix Coverity ID 513: UNINIT
via 7c868e6 s3: Fix Coverity ID 83: RESOURCE_LEAK
from 592c669 s3: Convert cli_raw_tcon to cli_smb
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a414356075ab28259fe4fe534478bc43aa3ce6d9
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 22:06:46 2011 +0200
s3: Fix Coverity ID 2188: MISSING_BREAK
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Sun Mar 27 23:11:10 CEST 2011 on sn-devel-104
commit ba92c45787adb2fc8d3783a517530887eb9947d4
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 22:06:46 2011 +0200
s3: Fix Coverity ID 2189: MISSING_BREAK
commit 25397de589e577e32bb291576b10c18978b5bc4e
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 21:43:53 2011 +0200
tdb: Fix Coverity ID 2192: NO_EFFECT
(ret < 0) can never be true
commit 261d6b0e9bc837520630410b5c016ea043cd8518
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 21:31:44 2011 +0200
s3: Fix Coverity ID 2195: NO_EFFECT
level is unsigned
commit 8d9cbc7c221ae49acef60f82e90f387b05c8e91f
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 21:19:37 2011 +0200
librpc: Add some error checking to dcerpc_floor_pack_rhs_if_version_data
commit 9370c28425500c0ad8cff27886c49ce256a1e59e
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 21:17:53 2011 +0200
librpc: Fix Coverity ID 2198: NULL_RETURNS
commit 240aeeb588a1c3f7f05efcf313cde3d06cce7720
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 20:57:45 2011 +0200
s3: Fix Coverity ID 2200: NULL_RETURNS (cut&paste error)
commit 6bee354377719f1227e0cdc8c44bc8bc86691cd5
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 20:44:01 2011 +0200
s3: Fix Coverity ID 2228: RESOURCE_LEAK
Holger, please check!
commit 7e6030a495edcd2e9b6b82f63f19524c818aab59
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 20:38:52 2011 +0200
s3: Fix Coverity ID 2226: RESOURCE_LEAK
Holger, please check!
commit c07be5f74769d5a3fe450e86ca7e56e9738a3bf6
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 20:06:19 2011 +0200
s3: Fix Coverity ID 976: BAD_SIZEOF
commit a431394ce37a3f647953969c85aac4415184a532
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 20:03:23 2011 +0200
s3: Fix Coverity ID 958: BAD_SIZEOF
This is supposed to wipe out the md5 context, not only the first bytes of it.
Others, please check!
commit 8db0374251b72c3fc82367864da178dc842f588b
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 19:41:34 2011 +0200
s3: Fix Coverity ID 682: NEGATIVE_RETURNS
commit 1a1675bbfee01ec2da6874cd3e71ff188ff448fd
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 19:29:42 2011 +0200
s3: Fix Coverity ID 590: DEADCODE
commit 30085eb7927b48ed4f133d25a9da74dbb83bcb37
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 19:27:26 2011 +0200
s3: Fix Coverity ID 585: NEGATIVE_RETURNS
commit 08e4e7fef7bda8f4e9e3b7da8d0596dfca289c59
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 19:11:44 2011 +0200
s3: Fix Coverity ID 513: UNINIT
commit 7c868e61747350d932b1aee03c1d0d8b4c3ed726
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 27 19:08:10 2011 +0200
s3: Fix Coverity ID 83: RESOURCE_LEAK
-----------------------------------------------------------------------
Summary of changes:
lib/crypto/md5.c | 2 +-
lib/tdb/common/tdb.c | 2 +-
libcli/auth/smbencrypt.c | 5 ++++-
librpc/rpc/binding.c | 23 +++++++++++++++++++----
nsswitch/libwbclient/wbc_util.c | 2 +-
source3/auth/auth_server.c | 2 ++
source3/auth/auth_wbc.c | 4 +++-
source3/client/clitar.c | 3 +++
source3/lib/memcache.c | 4 ----
source3/modules/vfs_crossrename.c | 2 +-
source3/modules/vfs_smb_traffic_analyzer.c | 1 +
source3/passdb/pdb_ldap.c | 2 +-
source3/passdb/pdb_wbc_sam.c | 2 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +-
source3/utils/smbta-util.c | 1 +
15 files changed, 40 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/crypto/md5.c b/lib/crypto/md5.c
index e6178cc..0324744 100644
--- a/lib/crypto/md5.c
+++ b/lib/crypto/md5.c
@@ -144,7 +144,7 @@ _PUBLIC_ void MD5Final(uint8_t digest[16], struct MD5Context *ctx)
MD5Transform(ctx->buf, (uint32_t *) ctx->in);
byteReverse((uint8_t *) ctx->buf, 4);
memmove(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
}
/* The four core functions - F1 is optimized somewhat */
diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c
index a28e883..66be555 100644
--- a/lib/tdb/common/tdb.c
+++ b/lib/tdb/common/tdb.c
@@ -993,7 +993,7 @@ _PUBLIC_ int tdb_repack(struct tdb_context *tdb)
bool tdb_write_all(int fd, const void *buf, size_t count)
{
while (count) {
- size_t ret;
+ ssize_t ret;
ret = write(fd, buf, count);
if (ret < 0)
return false;
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 3274f11..abd8ad9 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -529,7 +529,7 @@ bool SMBNTLMv2encrypt(TALLOC_CTX *mem_ctx,
bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flags)
{
uint8_t new_pw[512];
- size_t new_pw_len;
+ ssize_t new_pw_len;
/* the incoming buffer can be any alignment. */
string_flags |= STR_NOALIGN;
@@ -537,6 +537,9 @@ bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flag
new_pw_len = push_string(new_pw,
password,
sizeof(new_pw), string_flags);
+ if (new_pw_len == -1) {
+ return false;
+ }
memcpy(&buffer[512 - new_pw_len], new_pw, new_pw_len);
diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 422537e..381e3ae 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -437,19 +437,30 @@ static DATA_BLOB dcerpc_floor_pack_lhs_data(TALLOC_CTX *mem_ctx, const struct nd
return blob;
}
-static DATA_BLOB dcerpc_floor_pack_rhs_if_version_data(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax)
+static bool dcerpc_floor_pack_rhs_if_version_data(
+ TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax,
+ DATA_BLOB *pblob)
{
DATA_BLOB blob;
struct ndr_push *ndr = ndr_push_init_ctx(mem_ctx);
+ enum ndr_err_code ndr_err;
+
+ if (ndr == NULL) {
+ return false;
+ }
ndr->flags |= LIBNDR_FLAG_NOALIGN;
- ndr_push_uint16(ndr, NDR_SCALARS, syntax->if_version >> 16);
+ ndr_err = ndr_push_uint16(ndr, NDR_SCALARS, syntax->if_version >> 16);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
blob = ndr_push_blob(ndr);
talloc_steal(mem_ctx, blob.data);
talloc_free(ndr);
- return blob;
+ *pblob = blob;
+ return true;
}
const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
@@ -817,7 +828,11 @@ _PUBLIC_ NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx,
tower->floors[0].lhs.lhs_data = dcerpc_floor_pack_lhs_data(tower->floors, &binding->object);
- tower->floors[0].rhs.uuid.unknown = dcerpc_floor_pack_rhs_if_version_data(tower->floors, &binding->object);
+ if (!dcerpc_floor_pack_rhs_if_version_data(
+ tower->floors, &binding->object,
+ &tower->floors[0].rhs.uuid.unknown)) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* Floor 1 */
tower->floors[1].lhs.protocol = EPM_PROTOCOL_UUID;
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index 6d7a96c..d783ba3 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -234,7 +234,7 @@ wbcErr wbcDcInfo(const char *domain, size_t *num_dcs,
BAIL_ON_PTR_ERROR(names, wbc_status);
ips = wbcAllocateStringArray(response.data.num_entries);
- BAIL_ON_PTR_ERROR(names, wbc_status);
+ BAIL_ON_PTR_ERROR(ips, wbc_status);
wbc_status = WBC_ERR_INVALID_RESPONSE;
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index fc46ce0..5fee1e4 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -399,6 +399,7 @@ use this machine as the password server.\n"));
user_info->password.plaintext,
strlen(user_info->password.plaintext),
NULL, 0, user_info->mapped.domain_name);
+ break;
/* currently the hash values include a challenge-response as well */
case AUTH_PASSWORD_HASH:
@@ -410,6 +411,7 @@ use this machine as the password server.\n"));
(char *)user_info->password.response.nt.data,
user_info->password.response.nt.length,
user_info->mapped.domain_name);
+ break;
default:
DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n",user_info->mapped.account_name, user_info->password_state));
nt_status = NT_STATUS_INTERNAL_ERROR;
diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c
index c2ff490..7ab9665 100644
--- a/source3/auth/auth_wbc.c
+++ b/source3/auth/auth_wbc.c
@@ -82,6 +82,7 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
params.level = WBC_AUTH_USER_LEVEL_PLAIN;
params.password.plaintext = user_info->password.plaintext;
+ break;
}
case AUTH_PASSWORD_RESPONSE:
case AUTH_PASSWORD_HASH:
@@ -106,10 +107,11 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
params.password.response.lm_data =
user_info->password.response.lanman.data;
}
+ break;
+ }
default:
DEBUG(0,("user_info constructed for user '%s' was invalid - password_state=%u invalid.\n",user_info->mapped.account_name, user_info->password_state));
return NT_STATUS_INTERNAL_ERROR;
- }
#if 0 /* If ever implemented in libwbclient */
case AUTH_PASSWORD_HASH:
{
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index bef53dc..ac891aa 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -1206,16 +1206,19 @@ static void do_tarput(void)
DEBUG(0, ("Skipping %s...\n", finfo.name));
if ((next_block(tarbuf, &buffer_p, tbufsiz) <= 0) && !skip_file(finfo.size)) {
DEBUG(0, ("Short file, bailing out...\n"));
+ SAFE_FREE(longfilename);
return;
}
break;
case -1:
DEBUG(0, ("abandoning restore, -1 from read tar header\n"));
+ SAFE_FREE(longfilename);
return;
case 0: /* chksum is zero - looks like an EOF */
DEBUG(0, ("tar: restored %d files and directories\n", ntarf));
+ SAFE_FREE(longfilename);
return; /* Hmmm, bad here ... */
default:
diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c
index 5c4bafa..425861e 100644
--- a/source3/lib/memcache.c
+++ b/source3/lib/memcache.c
@@ -385,10 +385,6 @@ void memcache_flush(struct memcache *cache, enum memcache_number n)
node = next;
}
- if (node == NULL) {
- return;
- }
-
/*
* Then, find the leftmost element with number n
*/
diff --git a/source3/modules/vfs_crossrename.c b/source3/modules/vfs_crossrename.c
index 323ceb1..ad8f45a 100644
--- a/source3/modules/vfs_crossrename.c
+++ b/source3/modules/vfs_crossrename.c
@@ -80,7 +80,7 @@ static int copy_reg(const char *source, const char *dest)
#endif
goto err;
- if (transfer_file(ifd, ofd, (size_t)-1) == -1)
+ if (transfer_file(ifd, ofd, source_stats.st_ex_size) == -1)
goto err;
/*
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index f3d68dd..1e1732d 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -581,6 +581,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
" found, encrypting data!\n"));
output = smb_traffic_analyzer_encrypt( talloc_tos(),
akey, str, &len);
+ SAFE_FREE(akey);
header = smb_traffic_analyzer_create_header( talloc_tos(),
state_flags, len);
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 0e5567f..07c56eb 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3491,7 +3491,7 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
size_t *p_num_entries,
bool unix_only)
{
- GROUP_MAP map;
+ GROUP_MAP map = { 0, };
size_t entries = 0;
*p_num_entries = 0;
diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
index 9af8e4f..c1a7b75 100644
--- a/source3/passdb/pdb_wbc_sam.c
+++ b/source3/passdb/pdb_wbc_sam.c
@@ -50,7 +50,7 @@ static NTSTATUS _pdb_wbc_sam_getsampw(struct pdb_methods *methods,
if (pwd == NULL)
return NT_STATUS_NO_SUCH_USER;
- memset(user, 0, sizeof(user));
+ ZERO_STRUCTP(user);
/* Can we really get away with this little of information */
user->methods = methods;
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 030324c..d95bd54 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1709,7 +1709,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
return WERR_INVALID_PARAM;
}
- if (r->in.level < 0 || r->in.level > 3) {
+ if (r->in.level > 3) {
return WERR_INVALID_PARAM;
}
if ((r->in.level == 1 && !r->in.userlevel.level1) ||
diff --git a/source3/utils/smbta-util.c b/source3/utils/smbta-util.c
index 5b08165..6dfa0d5 100644
--- a/source3/utils/smbta-util.c
+++ b/source3/utils/smbta-util.c
@@ -154,6 +154,7 @@ static void load_key_from_file_and_activate( char *filename)
if (akey != NULL) {
printf("Removing the old key.\n");
delete_key();
+ SAFE_FREE(akey);
}
printf("Installing the key from file %s\n",filename);
secrets_store("smb_traffic_analyzer_key", key, strlen(key)+1);
--
Samba Shared Repository
More information about the samba-cvs
mailing list