[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Wed Jan 2 06:20:03 MST 2013


The branch, master has been updated
       via  94f11e9 s3-net: Fix rpc_service_list_internal() null pointer passing.
       via  9b0c1ab s3-rpcclient: Fix cmd_eventlog_loginfo() null pointer passing.
       via  30e1dc0 s3-rpcclient: Fix cmd_eventlog_readlog() null pointer passing.
       via  ab14918 s3-idmap: Check return value of string_to_sid().
      from  6cb7c4f docs: Fix typo in vfs_tsmsm.8.xml.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 94f11e9d168931018125a1552f22b786ba290dd0
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Dec 21 16:03:51 2012 +0100

    s3-net: Fix rpc_service_list_internal() null pointer passing.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    
    Found by Coverity.
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Wed Jan  2 14:19:50 CET 2013 on sn-devel-104

commit 9b0c1ab07c2c9a3fce1c49ad3d476ca1301182a4
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Dec 21 15:58:49 2012 +0100

    s3-rpcclient: Fix cmd_eventlog_loginfo() null pointer passing.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    
    Found by Coverity.

commit 30e1dc08df8d891e1ab6e17d786a7a239417947f
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Dec 21 15:52:02 2012 +0100

    s3-rpcclient: Fix cmd_eventlog_readlog() null pointer passing.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    
    Found by Coverity.

commit ab14918ea406eed2ed79c39dea7b855e4ecbac74
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Dec 14 16:54:55 2012 +0100

    s3-idmap: Check return value of string_to_sid().
    
    Found by Coverity.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Christian Ambach <ambi at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpcclient/cmd_eventlog.c |   25 ++++++++++++++++---------
 source3/utils/net_rpc_service.c  |   15 +++++++++++++--
 source3/winbindd/idmap_autorid.c |    7 ++++++-
 3 files changed, 35 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpcclient/cmd_eventlog.c b/source3/rpcclient/cmd_eventlog.c
index a9d971e..949e025 100644
--- a/source3/rpcclient/cmd_eventlog.c
+++ b/source3/rpcclient/cmd_eventlog.c
@@ -69,7 +69,7 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
 			 EVENTLOG_SEQUENTIAL_READ;
 	uint32_t offset = 0;
 	uint32_t number_of_bytes = 0;
-	uint8_t *data = NULL;
+	uint8_t *data;
 	uint32_t sent_size = 0;
 	uint32_t real_size = 0;
 
@@ -84,10 +84,6 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
 
 	if (argc >= 4) {
 		number_of_bytes = atoi(argv[3]);
-		data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
-		if (!data) {
-			goto done;
-		}
 	}
 
 	status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
@@ -95,6 +91,11 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
 		return status;
 	}
 
+	data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
+	if (data == NULL) {
+		goto done;
+	}
+
 	do {
 
 		enum ndr_err_code ndr_err;
@@ -118,8 +119,8 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client *cli,
 		if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL) &&
 		    real_size > 0 ) {
 			number_of_bytes = real_size;
-			data = talloc_array(mem_ctx, uint8_t, real_size);
-			if (!data) {
+			data = talloc_realloc(mem_ctx, data, uint8_t, real_size);
+			if (data == NULL) {
 				goto done;
 			}
 			status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,
@@ -509,6 +510,12 @@ static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client *cli,
 		return status;
 	}
 
+	buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
+	if (buffer == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
 	status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,
 						   &handle,
 						   0, /* level */
@@ -525,8 +532,8 @@ static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client *cli,
 	}
 
 	buf_size = bytes_needed;
-	buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
-	if (!buffer) {
+	buffer = talloc_realloc(mem_ctx, buffer, uint8_t, bytes_needed);
+	if (buffer == NULL) {
 		status = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
diff --git a/source3/utils/net_rpc_service.c b/source3/utils/net_rpc_service.c
index 523eafd..0c0995a 100644
--- a/source3/utils/net_rpc_service.c
+++ b/source3/utils/net_rpc_service.c
@@ -289,7 +289,7 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 	int i;
 	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
 
-	uint8_t *buffer = NULL;
+	uint8_t *buffer;
 	uint32_t buf_size = 0;
 	uint32_t bytes_needed = 0;
 	uint32_t num_services = 0;
@@ -307,6 +307,12 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 		return werror_to_ntstatus(result);
 	}
 
+	buffer = talloc_array(mem_ctx, uint8_t, buf_size);
+	if (buffer == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
 	do {
 		status = dcerpc_svcctl_EnumServicesStatusW(b, mem_ctx,
 							   &hSCM,
@@ -327,8 +333,12 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 		}
 
 		if (W_ERROR_EQUAL(result, WERR_MORE_DATA) && bytes_needed > 0) {
-			buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
 			buf_size = bytes_needed;
+			buffer = talloc_realloc(mem_ctx, buffer, uint8_t, bytes_needed);
+			if (buffer == NULL) {
+				status = NT_STATUS_NO_MEMORY;
+				break;
+			}
 			continue;
 		}
 
@@ -381,6 +391,7 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 
 	} while (W_ERROR_EQUAL(result, WERR_MORE_DATA));
 
+done:
 	if (is_valid_policy_hnd(&hSCM)) {
 		WERROR _result;
 		dcerpc_svcctl_CloseServiceHandle(b, mem_ctx, &hSCM, &_result);
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 621cae9..b7b1689 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -248,6 +248,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
 	char *keystr;
 	struct dom_sid sid;
 	NTSTATUS status;
+	bool ok;
 
 	/* can this be one of our ids? */
 	if (map->xid.id < cfg->minvalue) {
@@ -297,8 +298,12 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg,
 		return idmap_autorid_map_id_to_sid(dom, map);
 	}
 
-	string_to_sid(&sid, (const char *)data.dptr);
+	ok = string_to_sid(&sid, (const char *)data.dptr);
 	TALLOC_FREE(data.dptr);
+	if (!ok) {
+		map->status = ID_UNKNOWN;
+		return NT_STATUS_OK;
+	}
 
 	sid_compose(map->sid, &sid,
 		    (map->xid.id - cfg->minvalue -


-- 
Samba Shared Repository


More information about the samba-cvs mailing list