[SCM] Samba Shared Repository - branch master updated

Ira Cooper ira at samba.org
Sun Feb 23 23:24:04 MST 2014 

The branch, master has been updated
       via  538cbfe libcli: Overflow array index read possible, in auth code.
       via  72f9932 s3:printing: Fix a possible NULL dereference.
       via  68d5f27 s3:passdb: Fix the use of uninitialized scalar variable.
      from  2b77b07 s3/libsmb: Free memdup'd local variable

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 538cbfe0e90b7c7ed0f8421b323cac4dacd83f04
Author: Ira Cooper <ira at samba.org>
Date:   Thu Feb 13 14:45:23 2014 -0500

    libcli: Overflow array index read possible, in auth code.
    
    The values have to be signed here to allow for the values to go negative,
    to prevent the overflow.
    
    Coverity-Id: 1167990
    Signed-off-by: Ira Cooper <ira at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Ira Cooper <ira at samba.org>
    Autobuild-Date(master): Mon Feb 24 07:23:03 CET 2014 on sn-devel-104

commit 72f9932d4f70f76360490b315f95aa8dedc98390
Author: Poornima Gurusiddaiah <pgurusid at redhat.com>
Date:   Fri Feb 14 03:27:12 2014 +0000

    s3:printing: Fix a possible NULL dereference.
    
    Coverity-Id: 710708
    
    Signed-off-by: Poornima Gurusiddaiah <pgurusid at redhat.com>
    Reviewed-by: Ira Cooper <ira at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 68d5f2746466e43148f19e668093a64e8c610a51
Author: Poornima Gurusiddaiah <pgurusid at redhat.com>
Date:   Fri Feb 14 03:56:56 2014 +0000

    s3:passdb: Fix the use of uninitialized scalar variable.
    
    Coverity-id: 1107228,1107227
    
    Signed-off-by: Poornima Gurusiddaiah <pgurusid at redhat.com>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ira Cooper <ira at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/netlogon_creds_cli.c |    4 ++--
 source3/passdb/py_passdb.c       |   10 ++--------
 source3/printing/printspoolss.c  |    2 +-
 3 files changed, 5 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index d73335d..7e88255 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -1766,8 +1766,8 @@ struct tevent_req *netlogon_creds_cli_ServerPasswordSet_send(TALLOC_CTX *mem_ctx
 
 	if (new_version != NULL) {
 		struct NL_PASSWORD_VERSION version;
-		uint32_t len = IVAL(state->samr_crypt_password.data, 512);
-		uint32_t ofs = 512 - len;
+		int32_t len = IVAL(state->samr_crypt_password.data, 512);
+		int32_t ofs = 512 - len;
 		uint8_t *p;
 
 		if (ofs < 12) {
diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
index 2d3b637..dec45c3 100644
--- a/source3/passdb/py_passdb.c
+++ b/source3/passdb/py_passdb.c
@@ -2483,7 +2483,6 @@ static PyObject *py_pdb_set_account_policy(pytalloc_Object *self, PyObject *args
 static PyObject *py_pdb_search_users(pytalloc_Object *self, PyObject *args)
 {
 	TALLOC_CTX *frame = talloc_stackframe();
-	NTSTATUS status;
 	struct pdb_methods *methods;
 	unsigned int acct_flags;
 	struct pdb_search *search;
@@ -2505,9 +2504,7 @@ static PyObject *py_pdb_search_users(pytalloc_Object *self, PyObject *args)
 	}
 
 	if (!methods->search_users(methods, search, acct_flags)) {
-		PyErr_Format(py_pdb_error, "Unable to search users, (%d,%s)",
-				NT_STATUS_V(status),
-				get_friendly_nt_error_msg(status));
+		PyErr_Format(py_pdb_error, "Unable to search users");
 		talloc_free(frame);
 		return NULL;
 	}
@@ -2550,7 +2547,6 @@ static PyObject *py_pdb_search_users(pytalloc_Object *self, PyObject *args)
 static PyObject *py_pdb_search_groups(pytalloc_Object *self)
 {
 	TALLOC_CTX *frame = talloc_stackframe();
-	NTSTATUS status;
 	struct pdb_methods *methods;
 	struct pdb_search *search;
 	struct samr_displayentry *entry;
@@ -2566,9 +2562,7 @@ static PyObject *py_pdb_search_groups(pytalloc_Object *self)
 	}
 
 	if (!methods->search_groups(methods, search)) {
-		PyErr_Format(py_pdb_error, "Unable to search groups, (%d,%s)",
-				NT_STATUS_V(status),
-				get_friendly_nt_error_msg(status));
+		PyErr_Format(py_pdb_error, "Unable to search groups");
 		talloc_free(frame);
 		return NULL;
 	}
diff --git a/source3/printing/printspoolss.c b/source3/printing/printspoolss.c
index 26d8a00..5dba635 100644
--- a/source3/printing/printspoolss.c
+++ b/source3/printing/printspoolss.c
@@ -248,7 +248,7 @@ done:
 			}
 		}
 		/* We need to delete the job from spoolss too */
-		if (pf->jobid) {
+		if (pf && pf->jobid) {
 			print_spool_terminate(fsp->conn, pf);
 		}
 	}


-- 
Samba Shared Repository

More information about the samba-cvs mailing list