[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Wed Feb 3 14:04:04 UTC 2016
The branch, master has been updated
via 2d80498 smbd: Fix CID 1351215 Improper use of negative value
via f193361 smbd: Fix CID 1351216 Dereference null return value
from 915185a python:tests/core: add tests for arcfour_encrypt() and string_to_byte_array()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2d80498e64bc7f9e1fd2d080825c1e8904018a19
Author: Volker Lendecke <vl at samba.org>
Date: Wed Feb 3 09:18:14 2016 +0100
smbd: Fix CID 1351215 Improper use of negative value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Wed Feb 3 15:03:09 CET 2016 on sn-devel-144
commit f1933618500f8c4787f3bf7aa260e21cd6bf7cd8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Feb 3 09:10:46 2016 +0100
smbd: Fix CID 1351216 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smbXsrv_client.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c
index 87cc307..0e21fc6 100644
--- a/source3/smbd/smbXsrv_client.c
+++ b/source3/smbd/smbXsrv_client.c
@@ -63,6 +63,9 @@ NTSTATUS smbXsrv_client_global_init(void)
* This contains secret information like client keys!
*/
global_path = lock_path("smbXsrv_client_global.tdb");
+ if (global_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
db_ctx = db_open(NULL, global_path,
0, /* hash_size */
@@ -287,14 +290,20 @@ NTSTATUS smb2srv_client_connection_pass(struct smbd_smb2_request *smb2req,
NTSTATUS status;
struct smbXsrv_connection_pass0 pass_info0;
struct smbXsrv_connection_passB pass_blob;
+ ssize_t reqlen;
struct iovec iov;
pass_info0.initial_connect_time = global->initial_connect_time;
pass_info0.client_guid = global->client_guid;
- pass_info0.negotiate_request.length = iov_buflen(smb2req->in.vector,
- smb2req->in.vector_count);
+
+ reqlen = iov_buflen(smb2req->in.vector, smb2req->in.vector_count);
+ if (reqlen == -1) {
+ return NT_STATUS_INVALID_BUFFER_SIZE;
+ }
+
+ pass_info0.negotiate_request.length = reqlen;
pass_info0.negotiate_request.data = talloc_array(talloc_tos(), uint8_t,
- pass_info0.negotiate_request.length);
+ reqlen);
if (pass_info0.negotiate_request.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list