[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Jun 22 21:22:02 UTC 2016
The branch, master has been updated
via a737efe s4-ntlm: Fix a NULL pointer dereference in error path
via f01f424 s4-dsdb: Fix a possible NULL pointer dereference
via 5499cff s3-torture: Do some code hygiene in the ldb test
via 7bac35e librpc: Check for negative return value of socket_get_fd()
via 8e88ab7 util: Fix a possible null pointer dereference
from c0704d9 s3: libsmb: Correctly trim a trailing \ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a737efe2bd45fffe82d1815789c63172e01ed1d7
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 15:53:59 2016 +0200
s4-ntlm: Fix a NULL pointer dereference in error path
Found by clang compiler.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 22 23:21:33 CEST 2016 on sn-devel-144
commit f01f4248536c6f4b2cfe6f28f775deb7cb2fe01a
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 15:48:10 2016 +0200
s4-dsdb: Fix a possible NULL pointer dereference
Detected by clang compiler.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5499cff2014e64ab9b40f038631a9b8eb847ca03
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 15:15:05 2016 +0200
s3-torture: Do some code hygiene in the ldb test
Coverity is confused if in a expresion we use = and not ==.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7bac35e7fd6d2e580648e0028e114626edf3dc2e
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 09:25:16 2016 +0200
librpc: Check for negative return value of socket_get_fd()
Found by Coverity.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8e88ab727a68eb3979ad1bde65001130c7166d1f
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 09:17:07 2016 +0200
util: Fix a possible null pointer dereference
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/util/talloc_report.c | 3 +++
source4/auth/ntlm/auth_winbind.c | 6 ++++--
source4/dsdb/common/util_trusts.c | 4 +++-
source4/librpc/rpc/dcerpc_sock.c | 5 +++++
source4/torture/ldb/ldb.c | 12 ++++++++----
5 files changed, 23 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/talloc_report.c b/lib/util/talloc_report.c
index 9b98347..018d9ab 100644
--- a/lib/util/talloc_report.c
+++ b/lib/util/talloc_report.c
@@ -40,6 +40,9 @@ static char *talloc_vasprintf_append_largebuf(char *buf, ssize_t *pstr_len,
if (buf == NULL) {
return NULL;
}
+ if (fmt == NULL) {
+ return NULL;
+ }
buflen = talloc_get_size(buf);
if (buflen > str_len) {
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index aed893d..447c0de 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -216,9 +216,11 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
if (err) {
DEBUG(1, ("error was %s (0x%08x)\nerror message was '%s'\n",
err->nt_string, err->nt_status, err->display_string));
+ nt_status = NT_STATUS(err->nt_status);
+ wbcFreeMemory(err);
+ } else {
+ nt_status = NT_STATUS_LOGON_FAILURE;
}
- nt_status = NT_STATUS(err->nt_status);
- wbcFreeMemory(err);
NT_STATUS_NOT_OK_RETURN(nt_status);
} else if (!WBC_ERROR_IS_OK(wbc_status)) {
DEBUG(1, ("wbcAuthenticateUserEx: failed with %u - %s\n",
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
index 0e69ba2..a083d86 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -2671,7 +2671,9 @@ NTSTATUS dsdb_trust_get_incoming_passwords(struct ldb_message *msg,
if (_previous != NULL) {
*_previous = talloc(mem_ctx, struct samr_Password);
if (*_previous == NULL) {
- TALLOC_FREE(*_current);
+ if (_current != NULL) {
+ TALLOC_FREE(*_current);
+ }
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
index f5a1c07..7175eb2 100644
--- a/source4/librpc/rpc/dcerpc_sock.c
+++ b/source4/librpc/rpc/dcerpc_sock.c
@@ -72,6 +72,11 @@ static void continue_socket_connect(struct composite_context *ctx)
return;
}
sock_fd = socket_get_fd(s->socket_ctx);
+ if (sock_fd == -1) {
+ TALLOC_FREE(s->socket_ctx);
+ composite_error(c, NT_STATUS_INVALID_HANDLE);
+ return;
+ }
socket_set_flags(s->socket_ctx, SOCKET_FLAG_NOCLOSE);
TALLOC_FREE(s->socket_ctx);
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
index 6210419..7ea9726 100644
--- a/source4/torture/ldb/ldb.c
+++ b/source4/torture/ldb/ldb.c
@@ -1084,8 +1084,9 @@ static bool torture_ldb_unpack(struct torture_context *torture)
const char *ldif_text = dda1d01d_ldif;
struct ldb_ldif ldif;
+ ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL);
torture_assert(torture,
- ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL),
+ ldb != NULL,
"Failed to init ldb");
torture_assert_int_equal(torture, ldb_unpack_data(ldb, &data, msg), 0,
@@ -1111,12 +1112,14 @@ static bool torture_ldb_parse_ldif(struct torture_context *torture)
struct ldb_val data = data_blob_const(dda1d01d_bin, sizeof(dda1d01d_bin));
struct ldb_message *msg = ldb_msg_new(mem_ctx);
+ ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL);
torture_assert(torture,
- ldb=samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL),
+ ldb != NULL,
"Failed to init ldb");
+ ldif = ldb_ldif_read_string(ldb, &ldif_text);
torture_assert(torture,
- ldif = ldb_ldif_read_string(ldb, &ldif_text),
+ ldif != NULL,
"ldb_ldif_read_string failed");
torture_assert_int_equal(torture, ldif->changetype, LDB_CHANGETYPE_NONE,
"changetype is incorrect");
@@ -1147,8 +1150,9 @@ static bool torture_ldb_unpack_only_attr_list(struct torture_context *torture)
const char *ldif_text;
struct ldb_ldif ldif;
+ ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL);
torture_assert(torture,
- ldb=samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL),
+ ldb != NULL,
"Failed to init samba");
torture_assert_int_equal(torture,
--
Samba Shared Repository
More information about the samba-cvs
mailing list