[SCM] Samba Shared Repository - branch master updated

Michael Adam obnox at samba.org
Wed Feb 3 14:04:04 UTC 2016 

The branch, master has been updated
       via  2d80498 smbd: Fix CID 1351215 Improper use of negative value
       via  f193361 smbd: Fix CID 1351216 Dereference null return value
      from  915185a python:tests/core: add tests for arcfour_encrypt() and string_to_byte_array()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2d80498e64bc7f9e1fd2d080825c1e8904018a19
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Feb 3 09:18:14 2016 +0100

    smbd: Fix CID 1351215 Improper use of negative value
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Wed Feb  3 15:03:09 CET 2016 on sn-devel-144

commit f1933618500f8c4787f3bf7aa260e21cd6bf7cd8
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Feb 3 09:10:46 2016 +0100

    smbd: Fix CID 1351216 Dereference null return value
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smbXsrv_client.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c
index 87cc307..0e21fc6 100644
--- a/source3/smbd/smbXsrv_client.c
+++ b/source3/smbd/smbXsrv_client.c
@@ -63,6 +63,9 @@ NTSTATUS smbXsrv_client_global_init(void)
 	 * This contains secret information like client keys!
 	 */
 	global_path = lock_path("smbXsrv_client_global.tdb");
+	if (global_path == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	db_ctx = db_open(NULL, global_path,
 			 0, /* hash_size */
@@ -287,14 +290,20 @@ NTSTATUS smb2srv_client_connection_pass(struct smbd_smb2_request *smb2req,
 	NTSTATUS status;
 	struct smbXsrv_connection_pass0 pass_info0;
 	struct smbXsrv_connection_passB pass_blob;
+	ssize_t reqlen;
 	struct iovec iov;
 
 	pass_info0.initial_connect_time = global->initial_connect_time;
 	pass_info0.client_guid = global->client_guid;
-	pass_info0.negotiate_request.length = iov_buflen(smb2req->in.vector,
-							 smb2req->in.vector_count);
+
+	reqlen = iov_buflen(smb2req->in.vector, smb2req->in.vector_count);
+	if (reqlen == -1) {
+		return NT_STATUS_INVALID_BUFFER_SIZE;
+	}
+
+	pass_info0.negotiate_request.length = reqlen;
 	pass_info0.negotiate_request.data = talloc_array(talloc_tos(), uint8_t,
-					pass_info0.negotiate_request.length);
+							 reqlen);
 	if (pass_info0.negotiate_request.data == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}


-- 
Samba Shared Repository

More information about the samba-cvs mailing list