[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Thu Jul 9 23:02:06 UTC 2015
The branch, master has been updated
via fdea2fe rpc_server: Fix CID 1311342 Null pointer dereferences (REVERSE_INULL)
via fc37211 rpc_server: Fix CID 1311341 Integer handling issues (OVERFLOW_BEFORE_WIDEN)
via 3387969 rpc_server: Fix CID 1311340 Null pointer dereferences (NULL_RETURNS)
via a7c2155 rpc_server: Fix CID 1311339 Error handling issues (CHECKED_RETURN)
via 94288f1 smbd: Fix CID 1311338 Error handling issues (CHECKED_RETURN)
via 080e654 smbd: Fix CID 1311337 Error handling issues (CHECKED_RETURN)
via ea55b13 dalloc: Fix CID 1097369 API usage errors (VARARGS)
via 784b6a7 dalloc: Fix a typo
from 540899a dosmode: Change message of result to informational
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fdea2febeea41aec74c32b94b4ff4cbb8f868751
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:30:07 2015 +0200
rpc_server: Fix CID 1311342 Null pointer dereferences (REVERSE_INULL)
elem was dereferenced already a few lines above
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jul 10 01:01:36 CEST 2015 on sn-devel-104
commit fc372110c20c7a3e64684432a342c519aa92e0fc
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:27:41 2015 +0200
rpc_server: Fix CID 1311341 Integer handling issues (OVERFLOW_BEFORE_WIDEN)
Quoting the full message:
Potentially overflowing expression "total_octets * 8U" with type "unsigned int"
(32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a
context that expects an expression of type "uint64_t" (64 bits, unsigned).
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 3387969a1f0a7411b6c490f330a171c09cb8e179
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:24:18 2015 +0200
rpc_server: Fix CID 1311340 Null pointer dereferences (NULL_RETURNS)
In practice this might not be relevant, but better be safe.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a7c215548ae55f8b37b6181bb1271a837a4078ce
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:22:59 2015 +0200
rpc_server: Fix CID 1311339 Error handling issues (CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 94288f153d4ae5b0f8f8a2d0d2d2870ffeccccd9
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:20:46 2015 +0200
smbd: Fix CID 1311338 Error handling issues (CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 080e654ca59feafaa65c4c66c15a99a5f2b16556
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:17:54 2015 +0200
smbd: Fix CID 1311337 Error handling issues (CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ea55b1350b9268e6a3a3569d65e75fb9c79d739a
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:16:00 2015 +0200
dalloc: Fix CID 1097369 API usage errors (VARARGS)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 784b6a79b870296b9ded882afe74e92a01687318
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 9 19:12:09 2015 +0200
dalloc: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/mdssvc/dalloc.c | 4 +++-
source3/rpc_server/mdssvc/dalloc.h | 2 +-
source3/rpc_server/mdssvc/marshalling.c | 4 ++--
source3/rpc_server/mdssvc/mdssvc.c | 12 ++++++++----
source3/smbd/scavenger.c | 7 ++++++-
source3/smbd/server.c | 3 +--
6 files changed, 21 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/mdssvc/dalloc.c b/source3/rpc_server/mdssvc/dalloc.c
index 7a4a86c..28944b8 100644
--- a/source3/rpc_server/mdssvc/dalloc.c
+++ b/source3/rpc_server/mdssvc/dalloc.c
@@ -171,6 +171,7 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
array_len = talloc_array_length(d->dd_talloc_array);
elem = va_arg(args, int);
if (elem >= array_len) {
+ va_end(args);
result = -1;
goto done;
}
@@ -178,6 +179,8 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
type = va_arg(args, const char *);
}
+ va_end(args);
+
array_len = talloc_array_length(d->dd_talloc_array);
for (elem = 0; elem + 1 < array_len; elem += 2) {
@@ -190,7 +193,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...)
break;
}
}
- va_end(args);
done:
if (result != 0) {
diff --git a/source3/rpc_server/mdssvc/dalloc.h b/source3/rpc_server/mdssvc/dalloc.h
index 7a0aecc..b268893 100644
--- a/source3/rpc_server/mdssvc/dalloc.h
+++ b/source3/rpc_server/mdssvc/dalloc.h
@@ -103,7 +103,7 @@
nested = dalloc_get(d, "DALLOC_CTX", 2);
- But you can fetch elements from the neseted DALLOC_CTX:
+ But you can fetch elements from the nested DALLOC_CTX:
p = dalloc_get(d, "DALLOC_CTX", 2, "uint64_t", 0);
diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
index a16966f..0a02f41 100644
--- a/source3/rpc_server/mdssvc/marshalling.c
+++ b/source3/rpc_server/mdssvc/marshalling.c
@@ -1304,8 +1304,8 @@ bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize)
}
total_octets--;
data_octets--;
- data_bytes = data_octets * 8;
- total_bytes = total_octets * 8;
+ data_bytes = ((uint64_t)data_octets) * 8;
+ total_bytes = ((uint64_t)total_octets) * 8;
if (data_bytes >= total_bytes) {
DEBUG(1,("%s: data_bytes: %" PRIu64 ", total_bytes: %" PRIu64 "\n",
diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
index 1143b45..abfea43 100644
--- a/source3/rpc_server/mdssvc/mdssvc.c
+++ b/source3/rpc_server/mdssvc/mdssvc.c
@@ -342,6 +342,9 @@ static bool add_filemeta(sl_array_t *reqinfo,
for (i = 0; i < metacount; i++) {
attribute = dalloc_get_object(reqinfo, i);
+ if (attribute == NULL) {
+ return false;
+ }
if (strcmp(attribute, "kMDItemDisplayName") == 0
|| strcmp(attribute, "kMDItemFSName") == 0) {
p = strrchr(path, '/');
@@ -1605,7 +1608,10 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
goto error;
}
/* For some reason the list of results always starts with a nil entry */
- dalloc_add_copy(fm_array, &nil, sl_nil_t);
+ result = dalloc_add_copy(fm_array, &nil, sl_nil_t);
+ if (result == -1) {
+ goto error;
+ }
reqinfo = dalloc_get(query, "DALLOC_CTX", 0, "sl_array_t", 1);
if (reqinfo == NULL) {
@@ -1650,9 +1656,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx,
goto error;
}
- ok = add_filemeta(reqinfo, fm_array,
- elem ? elem->path : NULL,
- elem ? &sb : NULL);
+ ok = add_filemeta(reqinfo, fm_array, elem->path, &sb);
if (!ok) {
goto error;
}
diff --git a/source3/smbd/scavenger.c b/source3/smbd/scavenger.c
index 3691ba0..6989466 100644
--- a/source3/smbd/scavenger.c
+++ b/source3/smbd/scavenger.c
@@ -269,7 +269,12 @@ static bool smbd_scavenger_start(struct smbd_scavenger_state *state)
scavenger_setup_sig_term_handler(state->ev);
- serverid_register(*state->scavenger_id, FLAG_MSG_GENERAL);
+ if (!serverid_register(*state->scavenger_id,
+ FLAG_MSG_GENERAL)) {
+ DBG_WARNING("serverid_register failed");
+ exit_server("serverid_register failed");
+ return false;
+ }
ok = scavenger_say_hello(fds[1], *state->scavenger_id);
if (!ok) {
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 5925119..5de7f9a 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -399,8 +399,7 @@ static bool smbd_notifyd_init(struct messaging_context *msg, bool interactive)
exit(1);
}
tevent_req_set_callback(req, notifyd_stopped, msg);
- tevent_req_poll(req, ev);
- return true;
+ return tevent_req_poll(req, ev);
}
/*
--
Samba Shared Repository
More information about the samba-cvs
mailing list