[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Jan 8 04:45:03 UTC 2016


The branch, master has been updated
       via  657610a smbd: Fix 240393 Uninitialized pointer read
       via  fc4c2dc bind_dlz: Fix CID 1347318 Unchecked return value
       via  0cb8b9d ctdb: Fix CID 1347319 Unchecked return value
       via  4a3ad42 samdb: Fix CID 1347320 Dereference null return value
      from  78e9f1e build: Add space before -D option

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 657610a0e423aa0cd17f9137845a335b02217884
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 7 21:33:18 2016 +0100

    smbd: Fix 240393 Uninitialized pointer read
    
    If we run into the "This is a stream on the root of the share" case,
    in old line 409 (new line 417) we "goto done;". If then in old line 1027
    (new line 1035) "build_stream_path" fails, "start" is uninitialized.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Jan  8 05:44:15 CET 2016 on sn-devel-144

commit fc4c2dcd526851fa938f6d8edb15b58fbb644a45
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 7 21:17:43 2016 +0100

    bind_dlz: Fix CID 1347318 Unchecked return value
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 0cb8b9d113b322f784100365669d2be8b7fa635a
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 7 21:14:05 2016 +0100

    ctdb: Fix CID 1347319 Unchecked return value
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4a3ad425b92122f5b5e61b140eb52d3fe06b724e
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jan 7 21:10:24 2016 +0100

    samdb: Fix CID 1347320 Dereference null return value
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/common/system_linux.c              |  8 +++++++-
 source3/smbd/filename.c                 | 10 +++++++++-
 source4/dns_server/dlz_bind9.c          | 16 +++++++++++++---
 source4/dsdb/samdb/ldb_modules/samldb.c |  6 ++++++
 4 files changed, 35 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index 6447f56..55c22c5 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -247,7 +247,13 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
 		ip6->ip6_hlim = 255;
 		ip6->ip6_src  = addr->ip6.sin6_addr;
 		/* all-nodes multicast */
-		inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+
+		ret = inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+		if (ret != 1) {
+			close(s);
+			DEBUG(DEBUG_CRIT,(__location__ " failed inet_pton\n"));
+			return -1;
+		}
 
 		nd_na = (struct nd_neighbor_advert *)(ip6+1);
 		nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index c2ed1fc..f2c9184 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -235,7 +235,15 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 		      uint32_t ucf_flags)
 {
 	struct smb_filename *smb_fname = NULL;
-	char *start, *end;
+
+	/*
+	 * This looks strange. But we need "start" initialized to "" here but
+	 * it can't be a const char *, so 'char *start = "";' does not work.
+	 */
+	char cnull = '\0';
+	char *start = &cnull;
+
+	char *end;
 	char *dirpath = NULL;
 	char *stream = NULL;
 	bool component_was_mangled = False;
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 7a76fe5..4c21a5e 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -1438,10 +1438,20 @@ static bool b9_record_match(struct dlz_bind9_data *state,
 	switch (rec1->wType) {
 	case DNS_TYPE_A:
 		return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
-	case DNS_TYPE_AAAA:
-		inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
-		inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+	case DNS_TYPE_AAAA: {
+		int ret;
+
+		ret = inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
+		if (ret != 1) {
+			return false;
+		}
+		ret = inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+		if (ret != 1) {
+			return false;
+		}
+
 		return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
+	}
 	case DNS_TYPE_CNAME:
 		return dns_name_equal(rec1->data.cname, rec2->data.cname);
 	case DNS_TYPE_TXT:
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index b9b57db..2394bd9 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2886,6 +2886,12 @@ static int samldb_verify_subnet(struct samldb_ctx *ac)
 	const struct ldb_val *rdn_value = NULL;
 
 	rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+	if (rdn_value == NULL) {
+		ldb_set_errstring(ldb, "samldb: ldb_dn_get_rdn_val "
+				  "failed");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
 	cidr = ldb_dn_escape_value(ac, *rdn_value);
 	DBG_INFO("looking at cidr '%s'\n", cidr);
 	if (cidr == NULL) {


-- 
Samba Shared Repository



More information about the samba-cvs mailing list