[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Apr 27 00:13:03 UTC 2016
The branch, master has been updated
via f4181f2 ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
via 51f221c dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
via 9a7a38a lib/http/http_auth: Fix CID 1273428 - Unchecked return value
via b9ffb93 talloc/testsuite: Fix CID 1291641 - Logically dead code
from f9099d3 s3-libads: Fix compilation with MIT Kerberos
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f4181f25b4ae3db684e43837449617e75183ecc8
Author: Robin Hack <hack.robin at gmail.com>
Date: Tue Apr 26 17:51:46 2016 +0200
ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
Fix unitialized 'visited' value (pointer to pointer) in
ldb_eval_transitive_filter() which passes 'visited' value later to
ldb_eval_transitive_filter_helper().
Signed-off-by: Robin Hack <hack.robin at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 27 02:12:39 CEST 2016 on sn-devel-144
commit 51f221c86eb7004f7a45c9cd03aa889e94a8dbc6
Author: Robin Hack <hack.robin at gmail.com>
Date: Tue Apr 26 15:17:51 2016 +0200
dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
Unchecked return value of gnutls_global_init().
Signed-off-by: Robin Hack <hack.robin at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9a7a38a6dde6418e48048fdf8bfcd6f38674e443
Author: Robin Hack <hack.robin at gmail.com>
Date: Tue Apr 26 13:58:27 2016 +0200
lib/http/http_auth: Fix CID 1273428 - Unchecked return value
There is missing check of status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' unitialized.
http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by caller and later passed as argument to other functions.
For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:
...
switch (spnego_state->state_position) {
..
case SPNEGO_SERVER_START:
if (in.length) {
Signed-off-by: Robin Hack <hack.robin at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b9ffb9322b987409693e4faa277b5e3f46ad8b22
Author: Robin Hack <hack.robin at gmail.com>
Date: Tue Apr 26 13:02:01 2016 +0200
talloc/testsuite: Fix CID 1291641 - Logically dead code
Add check for snprintf return code.
Signed-off-by: Robin Hack <hack.robin at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ldb-samba/ldb_matching_rules.c | 2 +-
lib/talloc/testsuite.c | 10 +++++-----
source4/lib/http/http_auth.c | 3 +++
source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c | 6 +++++-
4 files changed, 14 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c
index 1692a73..637858f 100644
--- a/lib/ldb-samba/ldb_matching_rules.c
+++ b/lib/ldb-samba/ldb_matching_rules.c
@@ -206,7 +206,7 @@ static int ldb_eval_transitive_filter(TALLOC_CTX *mem_ctx,
struct dsdb_dn *dn_to_match;
const char *dn_oid;
unsigned int count;
- struct dsdb_dn **visited;
+ struct dsdb_dn **visited = NULL;
schema = dsdb_get_schema(ldb, mem_ctx);
if (schema == NULL) {
diff --git a/lib/talloc/testsuite.c b/lib/talloc/testsuite.c
index 34410b8..5eab839 100644
--- a/lib/talloc/testsuite.c
+++ b/lib/talloc/testsuite.c
@@ -1795,11 +1795,11 @@ static bool test_pthread_talloc_passing(void)
* They will use their own toplevel contexts.
*/
for (i = 0; i < NUM_THREADS; i++) {
- (void)snprintf(str_array[i],
- 20,
- "thread:%d",
- i);
- if (str_array[i] == NULL) {
+ ret = snprintf(str_array[i],
+ 20,
+ "thread:%d",
+ i);
+ if (ret < 0) {
printf("snprintf %d failed\n", i);
return false;
}
diff --git a/source4/lib/http/http_auth.c b/source4/lib/http/http_auth.c
index d846ec2..b6f102f 100644
--- a/source4/lib/http/http_auth.c
+++ b/source4/lib/http/http_auth.c
@@ -96,6 +96,9 @@ static NTSTATUS http_create_auth_request(TALLOC_CTX *mem_ctx,
if (auth_response) {
status = http_parse_auth_response(auth, auth_response, &in);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
} else {
in = data_blob_null;
}
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
index ac12c64..a9bd57f 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
@@ -829,7 +829,11 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
*rsa = NULL;
- gnutls_global_init();
+ ret = gnutls_global_init();
+ if (ret != GNUTLS_E_SUCCESS) {
+ DBG_ERR("TLS error: %s\n", gnutls_strerror(ret));
+ return WERR_INTERNAL_ERROR;
+ }
#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
--
Samba Shared Repository
More information about the samba-cvs
mailing list